Dictionary of Cybersecurity

(ISC)² International Information Systems Security Certification Consortium. (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security.


1xRTT Single-Carrier (1x) Radio Transmission Technology. 1xRTT is an operational mode for CDMA2000 wireless communications that specifies a single (1x) 1.25 MHz channel for data transfer. 1xRTT was the first version of CDMA2000, which is the International Telecommunication Union's (ITU) CDMA (Code-Division Multiple Access) implementation of the IMT-2000 standard. The theoretical network voice capacity of basic 1xRTT systems is approximately 144 kilobits per second (Kbps), although in practice the highest attainable speed is more like 80 Kbps. Versions of CDMA2000 have been developed by Ericsson and Qualcomm.

2600 The Hacker Quarterly. An American seasonal publication of technical information and articles, many of which are written and submitted by the readership, on a variety of subjects including hacking, telephone switching systems, Internet protocols and services, as well as general news concerning the computer "underground".

3D Technology Three-Dimensional Technology. Presentations of information that give the user the illusion that the object viewed is actually in the room with the user.

3DES Triple DES.


3G, 4G and 5G 'G' stands for 'Generation', as in 'a generation of mobile technology'. 1G was analogue mobile phones; 2G was digital phones. 3G and 4G mobile technologies brought with them new 'base technologies', or functionality; services include wide-area wireless voice telephone, video calls and wireless data, all in a mobile environment. 3G and 4G allow simultaneous use of speech and data services and higher data rates. 5G is the proposed next telecommunications standard beyond the current 4G/IMT-Advanced standards. Rather than faster peak Internet connection speeds, 5G planning aims at higher capacity than current 4G, allowing a higher number of mobile broadband users per area unit and allowing consumption of higher or unlimited data quantities in gigabytes per month and user. Without exception, each new generation brings faster internet speeds than the last.


403 Forbidden A web server may return an HTTP 403 Forbidden status in response to a request from a client for a web page; it indicates that the server can be reached and can process the request but refuses to take any further action. Status code 403 responses are the result of the web server being configured to deny the client access to the requested resource. A common request that may result in a 403 Forbidden response is a GET for a web page, performed by a web browser to retrieve the page for display to a user in a browser window. The web server may return a 403 Forbidden status for other types of requests as well.

419 Scam Advance-fee scam. The number 419 refers to the article of the Nigerian Criminal Code (part of Chapter 38: "Obtaining property by false pretenses; Cheating") dealing with fraud.

4GL Fourth-Generation Language. A computer language that is easy to learn and use and often associated with rapid applications development.

802.11 IEEE 802.11. Family of IEEE standards for wireless LANs first introduced in 1997. The first standard to be implemented, 802.11b, specifies from 1 to 11 Mbps in the unlicensed band using DSSS (direct sequence spread spectrum) technology. The Wireless Ethernet Compatibility Association (WECA) brands it as Wireless Fidelity (Wi-Fi).


802.1X IEEE 802.1X. An IEEE standard for port-based layer two authentication in 802 standard networks. Wireless LANs often use 802.1X to authenticate a user before the user has the ability to access the network.

AA Adaptive Array. Continually monitors the received signal for interference. The antenna automatically adjusts its directional characteristics to reduce the interference.

AAL ATM Adaptation Layer. The use of Asynchronous Transfer Mode (ATM) technology and services creates the need for an adaptation layer in order to support information transfer protocols which are not based on ATM. This adaptation layer defines how to segment and reassemble higher-layer packets into ATM cells, and how to handle various transmission aspects in the ATM layer. Examples of services that need adaptation are Gigabit Ethernet, IP, Frame Relay, SONET/SDH, UMTS/Wireless, etc. Only optical fibers can be used.


AARP AppleTalk Address Resolution Protocol. Resolves AppleTalk addresses to link layer (usually MAC) addresses. It is functionally equivalent to ARP. AARP is a fairly simple system. When powered on, an AppleTalk machine broadcasts an AARP probe packet asking for a network address, intending to hear back from controllers such as routers. If no address is provided, one is picked at random from the "base subnet", 0. It then broadcasts another packet saying "I am selecting this address", and then waits to see if anyone else on the network complains. If another machine has that address, it will pick another address, and keep trying until it finds a free one. On a network with many machines it may take several tries before a free address is found, so for performance purposes the successful address is "written down" in NVRAM and used as the default address in the future. This means that in most real-world setups, where machines are added a few at a time, only one or two tries are needed before the address effectively becomes constant.

AAW Anti-Air Warfare. A primary warfare mission area dealing with air superiority.

Abduction A form of inference that generates plausible conclusions (which may not necessarily be true). As an example, knowing that if it is night then a movie is on television, and that a movie is on television, abductive reasoning allows the inference that it is night.


Abend Acronym for abnormal end of a task. It generally means a software crash: the abnormal termination of a computer application or job because of a non-system condition or failure that causes a program to halt.

Ability Capacity, fitness, or tendency to act in a specified or desired manner. Skill, especially the physical, mental, or legal power to perform a task.

ABR Area Border Router. An area border router is a router that connects one or more areas to the main backbone network. It is considered a member of all areas it is connected to. An ABR keeps multiple copies of the link-state database in memory, one for each area to which that router is connected.

Abstraction The process of identifying the characteristics that distinguish a collection of similar objects; the result of the process of abstraction is a type.

AC (1) Access Control (Token Ring).

AC (2) Alternating Current. Typically, the 120-V electricity delivered by the local power utility to the three-pin power outlet in the wall. The polarity of the current alternates between plus and minus 60 times per second.

ACC Audio Communications Controller.

Acceptable Interruption Window The maximum period of time that a system can be unavailable before compromising the achievement of the enterprise's business objectives.

Acceptable Risk The level of residual risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system.

Acceptance Confidence Level The degree of certainty in a statement of probabilities that a conclusion is correct. In sampling, a specified confidence level is expressed as a percentage of certainty.

Acceptance Inspection The final inspection to determine whether or not a facility or system meets the specified technical and performance standards.

Acceptance Testing The formal testing conducted to determine whether a software system satisfies its acceptance criteria, enabling the customer to determine whether to accept the system.

Access Authority Entity responsible for monitoring and granting access privileges for other authorized entities.

Access Control Certificate ADI in the form of a security certificate.


Access Control Check The security function that decides whether a subject's request to perform an action on a protected resource should be granted or denied.

Access Control Mechanism Security safeguards (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access and permit authorized access to an information system.

Access Control Policy The set of rules that define the conditions under which an access may take place.

Access Control A cornerstone of security is the ability to determine who can access computer networks and systems. Control can be exercised through the use of access control protocols: computer applications that authenticate the user logging into a network. It is a physical or technical control (or system) to ensure authorised access and to prevent unauthorised access to resources, premises or systems, in order to enforce business or security requirements. This could include such things as a lock to which only authorised personnel have the key, a swipe-card entry system, PIN controls on ATMs, file permissions on a server or any other means of controlling usage. The process allows only authorized users, programs, or other computer systems (i.e., networks) to access the resources of a computer system.

Access Level A category within a given security classification limiting entry or system connectivity to only authorized persons.

Access List A catalog of users, programs, or processes and the specifications of the access categories to which each is assigned.


Access Management Rights Management or Identity Management. This describes the process responsible for permitting user access to information services, information or other protected assets. Access Management supports protective measures assuring the Confidentiality, Integrity and Availability of assets by ensuring that only authorised users are able to access or modify them.

Access Path The logical route that an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.

Access Period A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail.

Access Point A device that logically connects wireless client devices operating in infrastructure mode to one another and provides access to a distribution system, if connected, which is typically an organization's enterprise wired network.

Access Profile Association of a user with a list of protected objects the user may access.


Access Protocol A defined set of procedures that is adopted at an interface at a specified reference point between a user and a network to enable the user to employ the services or facilities of that network.

Access Provider Provides a user of some network with access from the user's terminal to that network. This definition applies specifically for the present document. In a particular case, the access provider (AP) and network operator (NWO) may be a common commercial entity.

Access Rights The permissions or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy.

Access Type The privilege to perform an action on an object; read, write, execute, append, modify, delete, and create are examples of access types.

Access Ability and means to communicate or interact with a system; to use system resources to handle information; to gain knowledge of the information the system contains; or to control system components and functions.

Accident Technically, any unplanned or unintended event, sequence, or combination of events that results in death, injury, or illness to personnel or damage to or loss of equipment or property (including data, intellectual property, etc.), or damage to the environment. Legally, any unpleasant or unfortunate occurrence that causes injury, loss, suffering, or death; an event that takes place without one's foresight or expectation.

Account Harvesting The process of collecting all the legitimate account names on a system.


Accountability An essential ingredient of security systems is the ability to determine who performed any given action and which actions occurred during a specific time interval. Organizations improve accountability by using the latest software applications, including intrusion detection and network auditing tools, to trace violations or attempted violations of computer security to individuals who then can be held responsible.

Accounting Number Number assigned to an item of COMSEC material to facilitate its control.

Accounting The process of apportioning charges between the home environment, serving network, and user.

Accreditation Boundary All components of an information system to be accredited by a designated approving authority, excluding separately accredited systems to which the information system is connected.

Accreditation Letter The accreditation letter documents the decision of the authorizing official and the rationale for the accreditation decision; it is included in the final accreditation package, which consists of the accreditation letter and supporting documentation.

Accreditation Package A product of the certification effort and the main basis for the accreditation decision. Note: the accreditation package, at a minimum, will include a recommendation for the accreditation decision and a statement of residual risk in operating the system in its environment. Other information included may vary depending on the system and the DAA.


Accreditation (1) A management or administrative process of accepting a specific site installation/implementation for operational use based upon evaluations and certifications. (2) A formal declaration by a Designated Approving Authority (DAA) that the AIS is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security. (3) Formal declaration by a DAA that an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.

Accredited Formally confirmed by an accreditation body as meeting a predetermined standard of impartiality and general technical, methodological, and procedural competence.

Accreditor The designated approving authority (often a single individual, but frequently one of a team) that undertakes accreditation.

Accumulator An area of storage in memory used to develop totals of units or items being computed.

Accuracy A performance criterion that describes the degree of correctness with which a function is performed.

ACD Automatic Call Distribution. A specialized phone system originally designed simply to route incoming calls to all available personnel so that calls are evenly distributed. An ACD recognizes and answers an incoming call, looks in its database for instructions on what to do with that call, and sends the call to a recording, a voice response unit or an available operator.


ACE User data protection access control functions.

ACH Automated Clearinghouse.

ACI Access Control Information. Any information used for access control purposes, including contextual information.

ACK Acknowledgment. A type of message sent to indicate that a block of data arrived at its destination without error. A negative acknowledgment is called a "NAK".

ACL Access Control List. A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. It is a mechanism that implements access control for a system resource by enumerating the system entities that are permitted to access the resource and stating, either implicitly or explicitly, the access modes granted to each entity. It is the usual means by which access to, and denial of, service is controlled. It is simply a list of the services available, each with a list of the hosts permitted to use the services. Most network security systems operate by allowing selective use of services.

ACM Configuration management assurance class.

Acquisition Organization The government organization that is responsible for developing a system.


Acquisition, Development, and Installation Controls The process of assuring that adequate controls are considered, evaluated, selected, designed, and built into the system during its early planning and development stages, and that an ongoing process is established to ensure continued operation at an acceptable level of risk during the installation, implementation, and operation stages.

ACR Acoustic Conference Room. An enclosure which provides acoustic but not electromagnetic emanations shielding; ACRs are no longer procured, and TCRs are systematically replacing them.

Acrostic A poem or series of lines in which certain letters, usually the first in each line, form a name, motto, or message when read in sequence.

ACSE Association Control Service Element. Part of the application layer of the OSI Model. ACSE provides the means to exchange authentication information coming from the Specific Application Service Element (SASE) of the OSI Model.

Action ADI Action decision information associated with the action.

Action The operations and operands that form part of an attempted access.

Activation Data Private data, other than keys, that are required to access cryptographic modules.


Active Attack An attack that alters a system or data. An attack on the authentication protocol where the Attacker transmits data to the Claimant, Credential Service Provider, Verifier, or Relying Party. Examples of active attacks include man-in-the-middle, impersonation, and session hijacking.

Active Content Electronic documents that can carry out or trigger actions automatically on a computer platform without the intervention of a user. Software in various forms that is able to automatically carry out or trigger actions on a computer platform without the intervention of a user.

Active Defense The process of personnel taking an active and involved role in identifying and countering threats to the network and its systems.

Active Object An object that has its own process; the process must be ongoing while the active object exists.

Active Security Testing Security testing that involves direct interaction with a target, such as sending packets to a target.

Active System A system connected directly to one or more other systems. Active systems are physically connected and have a logical relationship to other systems.

Active Threat The threat of a deliberate unauthorized change to the state of the system.

Active Wiretapping The attachment of an unauthorized device (e.g., a computer terminal) to a communications circuit to gain access to data by generating false messages or control signals or by altering the communications of legitimate users.

ActiveX Microsoft's Windows-specific non-Java technique for writing applets. ActiveX applets take considerably longer to download than the equivalent Java applets; however, they more fully exploit the features of Windows.


Activities An assessment object that includes specific protection-related pursuits or actions supporting an information system that involve people (e.g., conducting system backup operations, monitoring network traffic).

Activity Monitor Antiviral software that checks for signs of suspicious activity, such as attempts to rewrite program files, format disks, etc.

Ad Blocker Software placed on a user's personal computer that prevents advertisements from being displayed on the Web. Benefits of an ad blocker include faster loading of Web pages and the prevention of user tracking by ad networks.

Ad Hoc Network A wireless network that dynamically connects wireless client devices to each other without the use of an infrastructure device, such as an access point or a base station.


Ada A programming language that allows use of structured techniques for program design; a concise but powerful language designed to fill government requirements for real-time applications.

Adaptive Filter Prompts the user to rate products or situations and also monitors the user's actions over time to find out what they like and dislike.

Adaptivity The ability of intelligent agents to discover, learn, and take action independently.

Add-On Security The retrofitting of protection mechanisms, implemented by hardware, firmware, or software, on a computer system that has become operational.

Address Mapping The process by which an alphabetic Internet address is converted into a numeric IP address, and vice versa.

Address Mask A bit mask used to identify which bits in an IP address correspond to the network address and subnet portions of the address. This mask is often referred to as the subnet mask because the network portion of the address can be determined by the class inherent in an IP address. The address mask has ones in positions corresponding to the network and subnet numbers and zeros in the host number positions.

Address Resolution A means for mapping network layer addresses onto media-specific addresses.

Address (1) A sequence of bits or characters that identifies the destination and sometimes the source of a transmission. (2) An identification (e.g., number, name, or label) for a location in which data is stored.


Adequate Security Security commensurate with the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, acquisition, development, installation, operational, and technical controls.

ADF Access Control Decision Function. A specialized function that makes access control decisions by applying access control policy rules to a requested action, ACI (of initiators, targets, actions, or that retained from prior actions), and the context in which the request is made.

ADI Access Control Decision Information. The portion (possibly all) of the ACI made available to the ADF in making a particular access control decision.

Adjacent Channel Interference Interference of a signal caused by signal transmissions of another frequency too close in proximity.

ADM Guidance documents, administrator guidance.

Administration Personnel responsible for administering computer security define security parameters, maintain and monitor security systems, and modify policy information.

Administrative Account A user account with full privileges on a computer.

Administrative Controls The actions or controls dealing with operational effectiveness, efficiency and adherence to regulations and management policies.

Administrative Safeguards Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic health information and to manage the conduct of the covered entity's workforce in relation to protecting that information.

Administrative Security Information Persistent information associated with entities; it is conceptually stored in the Security Management Information Base. Examples are security attributes associated with users and set up on user account installation, which are used to configure the user's identity and privileges within the system, and information configuring a secure interaction policy between one entity and another entity, which is used as the basis for the establishment of operational associations between those two entities.


Administrative Security The management constraints, operational procedures, accountability procedures, and supplemental controls established to provide an acceptable level of protection for sensitive data.

Administrator Privileges Allow computer system access to resources that are unavailable to most users. Administrator privileges permit execution of actions that would otherwise be restricted.

ADO Delivery and operation assurance class.

ADSL Asymmetric Digital Subscriber Line. A DSL line where the upload speed is different from the download speed. Usually the download speed is much greater.

ADSP AppleTalk Data Stream Protocol.

ADV Development assurance class.

Advanced Persistent Threat Advanced persistent threat (APT) usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information, but applies equally to other threats such as that of traditional espionage or attack. Other recognized attack vectors include infected media, supply chain compromise, and social engineering. Individuals, such as an individual hacker, are not usually referred to as an APT as they rarely have the resources to be both advanced and persistent, even if they are intent on gaining access to, or attacking, a specific target.

Advance-Fee Scam An advance-fee scam is a type of fraud and one of the most common types of confidence trick. The scam typically involves promising the victim a significant share of a large sum of money in return for a small up-front payment, which the fraudster requires in order to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim or simply disappears.

Adversary Data profiles, names, capability assessments, historical attack data and associated trending.


Adversary Intelligence Providers CrowdStrike, FireEye/Mandiant, iSight Partners, Symantec DeepSight, Verisign iDefense.

Adversary Any individual, group, organization, or government that conducts activities, or has the intention and capability to conduct activities, detrimental to critical assets.

Advisory Sensitivity Attributes User-supplied indicators of file sensitivity that alert other users to the sensitivity of a file so that they may handle it appropriately to its defined sensitivity. Advisory sensitivity attributes are not used by the AIS to enforce file access controls in an automated manner.

Advisory Notification of significant new trends or developments regarding the threat to the information systems of an organization. This notification may include analytical insights into trends, intentions, technologies, or tactics of an adversary targeting information systems. In the context of information security, an advisory is a report on vulnerabilities, weaknesses or flaws discovered (or existing, or predicted) in software, systems or services, often with advice for dealing with them or working around them.

Adware A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used. In most cases, this is done without any notification to the user or without the user's consent. The term adware may also refer to software that displays advertisements, whether or not it does so with the user's consent; such programs display advertisements as an alternative to shareware registration fees. These are classified as adware in the sense of advertising-supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and it provides the user with a specific service.


AEF Access Control Enforcement Function. A specialized function that is part of the access path between an initiator and a target on each access that enforces the decisions made by the ADF.

AEP AppleTalk Echo Protocol. A transport layer protocol designed to test the reachability of network nodes. AEP generates packets to be sent to the network node; such a packet is identified in the Type field of the packet as an AEP packet. The packet is first passed to the source DDP. After it is identified as an AEP packet, it is forwarded to the node, where the packet is examined by the DDP at the destination. After the packet is identified as an AEP packet, the packet is copied and a field in the packet is altered to create an AEP reply packet, which is then returned to the source node.

AES Advanced Encryption Standard. A new encryption standard, whose development and selection was sponsored by NIST, that will support key lengths of 128, 192, and 256 bits. In 1997, the National Institute of Standards and Technology (NIST) announced its intention to develop a Federal Information Processing Standard (FIPS) for a standard encryption method. Fifteen companies were invited to create and present alternatives to the 20-year-old Data Encryption Standard (DES). The new AES, a strong, 256-bit encryption able to protect sensitive government data, must be unclassified and publicly disclosed. In 1998, the candidates presented their bids at a conference; open debate on the merits of each candidate's entry continues today. As of August 1999, NIST announced five finalists, which include IBM, RSA, Counterpane Systems, the University of Cambridge, and, jointly, Banksys/PWI and the Catholic University of Leuven, who will undergo further analysis and testing until the "winner" is announced by fall of 2000.


Affiliate Programs Arrangements made between E-commerce sites that direct users from one 


site to the other and by which, if a sale is made as a result, the originating site receives a commission, 


Affordability Extent to which C4I features are cost effective on both a recurring and nonrecurring basis. 
AFL Authentication failures. 
AFP The Apple Filing Protocol. Formerly the AppleTalk Filing Protocol, it is the protocol for communicating with AppleShare file servers. Built on top of the AppleTalk Session Protocol (for legacy AFP over DDP) or the Data Stream Interface (for AFP over TCP), it provides services for authenticating users (extensible to different authentication methods including two-way random-number exchange) and for performing operations specific to the Macintosh HFS filesystem. AFP is still in use in macOS, even though most other AppleTalk protocols have been deprecated.


AGD Guidance documents assurance class. 


Agency Certification Authority A CA that acts on behalf of an agency and is under the operational control of an agency.


Agency Any executive department, military department, government corporation, government-controlled corporation, or other establishment in the executive branch of the government (including the Executive Office of the President), or any independent regulatory agency, but does not include (1) the Government Accountability Office; (2) the Federal Election Commission; (3) the governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions; or (4) government owned contractor-operated facilities, including laboratories engaged in national defense research and production activities.


Agent In the client/server model, the part of the system that performs information preparation and exchange on behalf of a client or server application.


Aggregate Information Information that may be collected by a Web site but is not "personally identifiable" to you. Aggregate information includes demographic data, domain names, Internet provider addresses, and Web site traffic. As long as none of these fields is linked to a user's personal information, the data is considered aggregate.


Aggregation Of particular relevance in considering the increased sensitivity/value of large volumes of personal data, but applies also to other information resources. Aggregation is the effect by which information may be combined with other information in order to increase its sensitivity or value. This may be due to accumulation, whereby a large quantity of similar data elements (e.g. multiple individuals' financial records) increases the value of the set as a whole; association, whereby differing information may be combined to increase value/sensitivity (e.g. combining anonymised usage data with details of the users themselves); or inference/omission, whereby sensitive or valuable inferences can be drawn by "reading between the lines", or perhaps by observing the anomalous omission of key aspects of data.


Aging The identification, by date, of unprocessed or retained items in a file. This is usually done by date of transaction, classifying items according to ranges of dates.


AH Authentication Header. 
AI (1) Artificial Intelligence. A field of study involving techniques and methods under which computers can simulate such human intellectual activities as learning,

AI (2) Authentication Information. Information used to establish the validity of a claimed identity. 
Air Gap To physically separate or isolate a system from other systems or networks. The physical separation or isolation of a system from other systems or networks.


Air-Gapped Network Air gapping is a security measure that isolates a secure network from unsecure networks physically, electrically and electromagnetically.


AIS Automated Information System. (1) An assembly of computer hardware, software, firmware, and related peripherals configured to collect, create, compute, disseminate, process, store, and control data or information; and (2) Information systems that manipulate, store, transmit, or receive information, and associated peripherals such as input/output and data storage and retrieval devices and media.


AJAX Asynchronous JavaScript and XML. A way of including content in a web page in which JavaScript code in the web page fetches some data from a server and displays it without re-fetching the entire surrounding page at the same time (hence the 'Asynchronous'). A simple example of Ajax would be a weather-forecast box in the middle of a web page. Ajax could be used to populate the box every 5 minutes without needing to refresh the surrounding page.


AKP Advanced Key Processor. A cryptographic device that performs all cryptographic functions for a management client node and contains the interfaces to (1) exchange information with a client platform, (2) interact with fill devices, and (3) connect a client platform securely to the primary services node (PRSN).


Alarm Collector Function A function that collects the security alarm messages, translates them into security alarm records, and writes them to the security alarm log.
Alarm Examiner Function A function that interfaces with a security alarm administrator. 


ALARP As low as reasonably practical; a method of correlating the likelihood of a hazard and the severity of its consequences to determine risk exposure acceptability or the need for further risk reduction.


ALC Accounting Legend Code. Numeric code used to indicate the minimum accounting controls required for items of accountable communications security (COMSEC) material within the COMSEC Material Control System.


ALC Lifecycle support assurance class. 
ALE Annual Loss Expectancy. In risk assessment, the average monetary value of losses per year. 


Alert Situation The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps.


Alert Notification that a specific attack has been directed at an organization's information systems. 
Algorithm A computing procedure designed to perform a task such as encryption, compression, or 
hashing. 

Aliases Used to reroute browser requests from one URL to another. 
All Source Intelligence In the NICE Workforce Framework, cybersecurity work where a person analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.


Allocation The process an organization employs to determine whether security controls are defined as system-specific, hybrid, or common. The process an organization employs to assign security controls to specific information system components responsible for providing a particular security capability (e.g., router, server, remote sensor).
Alphabetic Test The check on whether an element of data contains only alphabetic or blank characters. 
Alphanumeric A character set that includes numeric digits, alphabetic characters, and other special symbols. 


Alternate COMSEC Custodian Individual designated by proper authority to perform the duties of the 
COMSEC custodian during the temporary absence of the COMSEC custodian. 


Alternate Facilities Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed. Includes other buildings, offices or data processing centers.


Alternate Process Automatic or manual process designed and established to continue critical business processes from point-of-failure to return-to-normal.


Alternate Work Site Governmentwide, national program allowing federal employees to work at home or at geographically convenient satellite offices for part of the work week (e.g., telecommuting).


ALU Arithmetic Logic Unit. A component of the computer's processing unit, in which arithmetic and matching operations are performed.


AM Amplitude Modulation. The technique of varying the amplitude or wavelength of a carrier wave in direct proportion to the strength of the input signal while maintaining a constant frequency and phase.


AMI Alternate Mark Inversion. The line coding format in T-1 transmission systems whereby successive 1s (marks) are alternately inverted (sent with polarity opposite that of the preceding mark).


AMIA The American Medical Informatics Association. 


Amp Ampere. A unit of measurement for electric current. One volt of potential across a 1-ohm impedance causes a current flow of 1 ampere.
AMT Protection of the TSF, underlying abstract machine test. 


Analog A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.


Analysis and Design Phase The phase of the systems development life cycle in which an existing system is studied in detail and its functional specifications are generated.
Analysis The examination of acquired data for its significance and probative value to the case. 


Anamorphosis An image or the production of an image that appears distorted unless it is viewed from a special angle or with a special instrument.


and hardware. 
ANN Artificial Neural Network. An artificial intelligence system that is capable of finding and differentiating patterns.


Anomaly-Based Detection The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations.
Anonymity The state in which something is unknown or unacknowledged. 


Anonymizer A service that prevents Web sites from seeing a user's Internet Protocol (IP) address. The service operates as an intermediary to protect the user's identity.


Anonymous A loosely affiliated collective of "hacktivists" who engage in ideologically motivated cyber-attacks against corporate and governmental targets through web site disruptions and defacements, and the theft and release of sensitive documents and personal information. These attacks are often motivated by perceived violations of social, political or environmental norms.


ANS American National Standards. Standards developed and approved by organizations 
accredited by ANSI. 
ANSI American National Standards Institute. The agency that recommends standards for computer hardware, software, and firmware design and use.


Antenna Gain The measure in decibels of how much more power an antenna will radiate in a certain direction with respect to that which would be radiated by a reference antenna.


Anti Spyware Software A program that specializes in detecting, blocking, and removing forms of spyware.
Anti-Debugger Referring to technology that detects or thwarts the use of a debugger on a piece of software. 


Anti-Jam Countermeasures ensuring that transmitted information can be received despite deliberate jamming attempts.


Anti-Malware A technology widely used to prevent, detect and remove many categories of malware, including computer viruses, worms, Trojans, keyloggers, malicious browser plug-ins, adware and spyware.


Anti-Spoof Countermeasures taken to prevent the unauthorized use of legitimate Identification & Authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker.


Anti-Tampering Referring to technology that attempts to thwart the reverse engineering and patching of a piece of software in binary format.


Antivirus A piece of software (or other service) that detects, and sometimes removes, viruses, Trojans and other malicious software. Antivirus software generally works using signatures to recognise malicious content, although it may also contain hybrid functionality that allows it to detect suspicious behaviour in software or services, allowing it to assist in detecting unknown infections.


Apache The most common web server (or HTTP server) software on the Internet. Designed as a set of modules, enabling administrators to choose which features they wish to use and making it easy to add features to meet specific needs including handling protocols other than the web-standard HTTP.
APC Ambulatory Payment Class. A payment type for outpatient PPS claims. 


APE Protection profile evaluation assurance class. 
API Application Programming Interface.


APKI Architecture for Public-Key Infrastructure. Draft distribution service on which it is based. A symmetric key based method, in which both entities share common authentication information, is considered to be a weaker method than an asymmetric key based method, in which not all the authentication information is shared by both entities.


App or Application An application is a computer program used to accomplish specific tasks not contained in the computer's operating system (for example, word processors, spreadsheets, and graphics programs). Free and paid for 'apps' can also be installed on popular smartphone platforms and you should always ensure you only download from official marketplaces and read what phone features they want permission to access.


Applet A small Java program that can be embedded in an HTML page. Applets differ from full-fledged Java applications in that they are not allowed to access certain resources on the local computer, such as files and serial devices (modems, printers, etc.), and are prohibited from communicating with most other computers across a network. The common rule is that an applet can only make an Internet connection to the computer from which the applet was sent.


AppleTalk Data Stream Protocol This was a comparatively late addition to the AppleTalk protocol suite, done when it became clear that a TCP-style reliable connection-oriented transport was needed. Significant differences from TCP were: a connection attempt could be rejected; there were no "half-open" connections; once one end initiated a tear-down of the connection, the whole connection would be closed (i.e., ADSP is full-duplex, not dual simplex).


AppleTalk Session Protocol ASP was an intermediate protocol, built on top of ATP, which in turn was the foundation of AFP. It provided basic services for requesting responses to arbitrary commands and performing out-of-band status queries. It also allowed the server to send asynchronous attention messages to the client.


AppleTalk AppleTalk was a proprietary suite of networking protocols developed by Apple Inc. for Macintosh computers. AppleTalk includes a number of features that allow local area networks to be connected with no prior setup or the need for a centralized router or server of any sort. Connected AppleTalk-equipped systems automatically assign addresses, update the distributed namespace, and configure any required inter-networking routing. It is a plug-n-play system. AppleTalk was released in 1985, and was the primary protocol used by Apple devices through the 1980s and 1990s. Versions were also released for the IBM PC and compatibles and the Apple IIGS. AppleTalk support was also available in most networked printers (especially laser printers), some file servers, and a number of routers. The rise of TCP/IP during the 1990s led to a reimplementation of most of these types of support on that protocol, and AppleTalk became unsupported as of the release of Mac OS X v10.6 in 2009. Many of AppleTalk's more advanced autoconfiguration features have since been introduced in Bonjour, while Universal Plug and Play serves similar needs.


Applicant The subscriber is sometimes called an "applicant" after applying to a certification authority for a certificate, but before the certificate issuance procedure is completed.


Application Architects IT professionals who can design creative technology-based business solutions.
Application Controls The transaction and data relating to each computer-based application system.
Application Generation Subsystem Contains facilities to help you develop transaction-intensive applications. 


Application Layer In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible. The application layer is not the application that is doing the communication; it is a service layer that provides these services.


Application Objects Applications and their components that are managed within an object- 
oriented system. Example operations on such objects are OPEN, INSTALL, MOVE, and REMOVE. 


Application Programming Interface Software applications, such as spreadsheets or word processing, use a special language and message format, the API, to communicate with the computer operating system, database management system or other system programs. Software system vendors provide APIs so that their customers can use various applications directly from their desktops. Development and use of standard APIs safeguards business-critical data. It is the interface between the application software and the application platform, across which all services are provided. The application programming interface is primarily in support of application portability, but system and application interoperability are also supported by a communication API.


Application Programs Computer software designed for a specific job, such as word processing, accounting, spreadsheet, etc.


Application Software Software that enables you to solve specific problems or perform specific 
tasks. 
Application A software program hosted by an information system. Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges, such as word processing, spreadsheets, graphics, presentations and databases as opposed to operating system (OS) software.
APPN Advanced peer-to-peer networking. 
Approved Mode of Operation A mode of the cryptographic module that employs only Approved security functions (not to be confused with a specific mode of an Approved security function, e.g., Data Encryption Standard Cipher Block Chaining (DES CBC) mode).


Approved Security Function A security function (e.g., cryptographic algorithm, cryptographic key management technique, or authentication technique) that is either a) specified in an Approved Standard; b) adopted in an Approved Standard and specified either in an appendix of the Approved Standard or in a document referenced by the Approved Standard; or c) specified in the list of Approved security functions.


APT Advanced Persistent Threat.


Arbitrary Code Execution Through arbitrary code execution, a cybercriminal may acquire control of a target through some sort of vulnerability, thereby gaining the power to execute commands at will.


Architecture The structure or ordering of components in a computational or other system. The classes and the interrelation of the classes define the architecture of a particular application. At another level, the architecture of a system is determined by the arrangement of the hardware and software components. The terms "logical architecture" and "physical architecture" are often used to emphasize this distinction. In the context of IT systems, "architecture" describes the approach to designing and constructing of systems, networks, applications or even information storage. A variety of formal methodologies exist to support information architecture development, and even more exist to help develop Security Architecture.


ARCNET Developed by Datapoint Corporation in the 1970s; a LAN (Local Area Network) technology that competed strongly with Ethernet, but no longer does. Initially a computer connected via ARCNET could communicate at 2.5 Mbps, although this technology now supports a throughput of 20 Mbps (compared to current Ethernet at 100 Mbps and 1 Gbps).


ARF Asset Reporting Format. SCAP data model for expressing the transport format of information about assets (components) and the relationships between assets and reports.


ARIN American Registry for Internet Numbers. A nonprofit organization established for the 
purpose of administration and registration of Internet Protocol (IP) numbers to the geographical areas 
currently managed by Network Solutions (InterNIC). Those areas include, but are not limited to North 
America, South America, South Africa, and the Caribbean. 


Arithmetic Operator In programming activities, a symbol representing an arithmetic calculation 
or process. 
ARP Address Resolution Protocol. The Internet protocol used to dynamically map Internet addresses to physical (hardware) addresses on the local area network. Limited to networks that support hardware broadcast.
ARPA Advanced Research Projects Agency. 


Array Consecutive storage areas in memory that are identified by the same name. The elements (or groups) within these storage areas are accessed through subscripts.
AS (1) Authentication server; part of Kerberos KDC. 


AS (2) Autonomous System. One or more routers under a single administration operating the same routing policy.


AS&W Attack Sensing and Warning. Detection, correlation, identification, and characterization of intentional unauthorized activity with notification to decision makers so that an appropriate response can be developed.

ASBR Autonomous system boundary router. An autonomous system boundary router is a router that is connected by using more than one routing protocol and that exchanges routing information with routers in other autonomous systems. ASBRs typically also run an exterior routing protocol (e.g., BGP), or use static routes, or both. An ASBR is used to distribute routes received from other, external ASs throughout its own autonomous system. An ASBR creates External LSAs for external addresses and floods them to all areas via ABR. Routers in other areas use ABRs as next hops to access external addresses. Then ABRs forward packets to the ASBR that announces the external addresses.


ASC Accredited Standards Committee. An organization that has been accredited by ANSI for the development of American National Standards.
ASCII American Standard Code for Information Interchange. A byte-oriented coding system based on an 8-bit code and used primarily to format information for transfer in a data communications environment. This is the de facto world-wide standard for the code numbers used by computers to represent all the upper and lower-case Latin letters, numbers, punctuation, etc. There are 128 standard ASCII codes each of which can be represented by a 7 digit binary number 0000000 through 1111111.


ASE Security Target Evaluation Assurance Class. 

ASIC Application-specific Integrated Circuit. 

ASIS American Society Industrial Security. 

ASK Amplitude Shift Keying. 

ASN.1 Abstract Syntax Notation One is a language for representing data objects. It is popular to use this in specifying cryptographic protocols, usually using DER (Distinguished Encoding Rules), which allows the data layout to be unambiguously specified.


ASO Administrative Services Only. 

ASP (1) AppleTalk Session Protocol. 

ASP (2) Application Service Provider. Provides an outsourcing service for business software 
applications. 

ASP/MSP A third party provider that delivers and manages applications and computer services, 
including security services to multiple users via the Internet or Virtual Private Network (VPN). 

ASPIRE AFEHCT’s Administrative Simplification Print Image Research Effort work group. 

ASR Automatic Speech Recognition. A system that not only captures spoken words but also distinguishes word groupings to form sentences.


Assembler Language A computer programming language in which alphanumeric symbols represent computer operations and memory addresses. Each assembler instruction translates into a single machine language instruction.


Assembler Program A program language translator that converts assembler language into machine code.


Assertion Explicit statement in a system security policy that security measures in one security domain constitute an adequate basis for security measures (or lack of them) in another.


Assessment Findings Assessment results produced by the application of an assessment procedure to a security control or control enhancement to achieve an assessment objective; the execution of a determination statement within an assessment procedure by an assessor that results in either a satisfied or other than satisfied condition.


Assessment Method One of three types of actions (i.e., examine, interview, test) taken by assessors in obtaining evidence during an assessment.


Assessment Object The item (i.e., specifications, mechanisms, activities, individuals) upon which an assessment method is applied during an assessment.
Assessment Objective A set of determination statements that expresses the desired outcome for the assessment of a security control or control enhancement.


Assessment Procedure A set of assessment objectives and an associated set of assessment methods and assessment objects.


Assessment (1) An effort to gain insight into system capabilities and limitations. May be conducted in many ways including a paper analysis, laboratory type testing, or even through limited testing with operationally representative users and equipment in an operational environment. Not sufficiently rigorous in and of itself to allow a determination of effectiveness and suitability to be made for purposes of operational testing. (2) Surveys and Inspections; an analysis of the vulnerabilities of an AIS. Information acquisition and review process designed to assist a customer to determine how best to use resources to protect information in systems.


Asset Identification Security Content Automation Protocol (SCAP) constructs to uniquely identify assets (components) based on known identifiers and/or known information about the assets.


Asset Protection Describes the process(es) undertaken in order to protect assets, whether they are physical, procedural or technical.


Asset In computer security, a major application, general-support system, high-impact program, physical plant, mission-critical system, personnel, equipment, or a logically related group of systems.


Association-Security-State The collection of information that is relevant to the control of communications security for a particular application-association.


Assumption of Risk A plaintiff may not recover for an injury to which he assents; that is, that a person may not recover for an injury received when he voluntarily exposes himself to a known and appreciated danger. The requirements for the defense are that (1) the plaintiff has knowledge of facts constituting a dangerous condition, (2) he knows that the condition is dangerous, (3) he appreciates the nature or extent of the danger, and (4) he voluntarily exposes himself to the danger. Secondary assumption of risk occurs when an individual voluntarily encounters known, appreciated risk without an intended manifestation by that individual that he consents to relieve another of his duty.


Assurance Case A structured set of arguments and a body of evidence showing that an information system satisfies specific claims with respect to a given quality attribute.


Assurance (1) Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. "Adequately met" includes the following: functionality that performs correctly, sufficient protection against unintentional errors (by users or software), and sufficient resistance to malicious penetration or by-pass. (2) A measure of confidence that the security features and architecture of an AIS accurately mediate and enforce the security policy. Assurance refers to a basis for believing that the objective and approach of a security mechanism or service will be achieved. Assurance is generally based on factors such as analysis involving theory, testing, software engineering, validation, and verification. Life-cycle assurance requirements provide a framework for secure system design, implementation, and maintenance. The level of assurance that a development team, certifier, or accreditor has about a system reflects the confidence that they have that the system will be able to enforce its security policy correctly during use and in the face of attacks. Assurance may be provided through four means: (1) the way the system is designed and built, (2) analysis of the system description for conformance to requirement and for vulnerabilities, (3) testing the system itself to determine its operating characteristics, and (4) operational experience. Assurance is also provided through complete documentation of the design, analysis, and testing. Security-conscious organizations provide assurance to users, partners and customers by demonstrating and periodically validating that the claimed level of security protection is being enforced. Virus protection, services and consulting support, and policy management are all assurance techniques.


Assured Information Sharing The ability to confidently share information with those who need it, when and where they need it, as determined by operational need and an acceptable level of security risk.


Assured Software Computer application that has been designed, developed, analyzed, and tested using processes, tools, and techniques that establish a level of confidence in it.


ASTM American Society for Testing and Materials. A standards group that has published general guidelines for the development of standards, including those for healthcare identifiers. ASTM Committee E31 on Healthcare Informatics develops standards on information used within healthcare.


ASUW Anti-Surface Warfare. A primary warfare mission area dealing with sea-going, surface 
platforms. 

ASV Approved Scanning Vendor. Company approved by the PCI Security Standards Council to 
conduct scanning services to identify common weaknesses in system configuration. 

ASW Anti-Submarine Warfare. A primary warfare mission area aimed against the subsurface threat. 
Asymmetric Cryptosystem This is an information system utilizing an algorithm or series of algorithms which provide a cryptographic key pair consisting of a private key and a corresponding public key. The keys of the pair have the properties that (1) the public key can verify a digital signature that the private key creates, and (2) it is computationally infeasible to discover or derive the private key from the public key. The public key can therefore be disclosed without significantly risking disclosure of the private key. This can be used for confidentiality as well as for authentication.


Asymmetric Key A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message. Two related keys, a public key and a private key, that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification.


Asynchronous A variable or random time interval between successive characters, blocks, operations, or events. Asynchronous data transmission provides variable intercharacter time but fixed interbit time within characters.


ATD Advanced Threat Defense. Enables organizations to detect advanced targeted attacks and convert threat information into immediate action and protection.


ATM Asynchronous Transfer Mode. A high-bandwidth, low-delay switching and multiplexing technology. It is a data-link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows very high-speed data transfer rates at up to 155 Mbps. Data is transmitted in the form of 53-byte units called cells. Each cell consists of a 5-byte header and a 48-byte payload. The term "asynchronous" in this context refers to the fact that cells from any one particular source need not be periodically spaced within the overall cell stream. That is, users are not assigned a set position in a recurring frame as is common in circuit switching. ATM can transport audio/video/data over the same connection at the same time and provide QoS (Quality of Service) for this transport.
ATO Approval to Operate. The official management decision issued by a DAA or PAA to 


authorize operation of an information system and to explicitly accept the residual risk to agency operations 


(including mission, functions, image, or reputation), agency assets, or individuals. 


Atomicity The assurance that an operation either changes the state of all participating objects 


consistent with the semantics of the operation or changes none at all. 


Atoms The smallest particle of an element that can exist alone or in combination.

ATP AppleTalk Transaction Protocol.

Attachment A file that has been added to an email or an instant message, often an image or document. It could be something useful or something harmful to a computer. Some file formats such as .zip, .exe, .xls or .jpg can be used to deliver malware or virus infections to unprotected computers. Be suspicious of attachments sent with unexpected emails or spam messages and scan any attachments with up-to-date anti-virus software before opening.

Attack Mechanism A method used to deliver the exploit. Unless the attacker is personally performing the attack, an attack mechanism may involve a payload, or container, that delivers the exploit to the target.

Attack Method The manner or technique and means an adversary may use in an assault on information or an information system.

Attack Path The steps that an adversary takes or may take to plan, prepare for, and execute an attack.

Attack Pattern Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation. For software, descriptions of common methods for exploiting software systems.

Attack Potential Often called "Risk Level" or "Likelihood", this is a measure of the perceived (or actual) potential for a successful attack, given a specific threat, their capability, motivation and the resources available to them.

Attack Signature A specific sequence of events indicative of an unauthorized access attempt. A characteristic byte pattern used in malicious code or an indicator, or set of indicators, that allows the identification of malicious network activities.

Attack Surface Normally applied to software or services exposed to untrusted or unauthenticated users, this indicates the amount of code, input fields, interfaces and the like that can be accessed by those users.

Attack Vector A path or route used by the adversary to gain access to the target (asset). There are two types of attack vectors: ingress and egress.

Attack In an Information Security context, an attack is an event where an unauthorised person (or group) attempts to breach the Confidentiality, Integrity or Availability of an information asset. An attack may be against the asset in general or against controls in place to protect it (e.g. privilege escalation).

Attacker An individual, group, organization, or government that executes an attack. A party acting with malicious intent to compromise an information system.

Attenuation The decrease in power of a signal, light beam, or light wave, either absolutely or as a fraction of a reference value. The decrease usually occurs as a result of absorption, reflection, diffusion, scattering, deflection, or dispersion from an original level and usually not as a result of geometric spreading.

Attribute Authority An entity, recognized by the Federal Public Key Infrastructure (PKI) Policy Authority or comparable agency body as having the authority to verify the association of attributes to an identity.

Attribute A characteristic defined for a class. Attributes are used to maintain the state of the object of a class. Values can be connected to objects via the attributes of the class. Typically, the connected value is determined by an operation with a single parameter identifying the object. Attributes implement the properties of a type.

Attribute-Based Access Control Access control based on attributes associated with and about subjects, objects, targets, initiators, resources, or the environment. An access control rule set defines the combination of attributes under which an access may take place.

Attribute-Based Authorization A structured process that determines when a user is authorized to access information, systems, or services based on attributes of the user and of the information, system, or service.

Audio Masking A condition where one sound interferes with the perception of another sound.

Audio Output Voice synthesizers that create audible signals resembling a human voice out of computer-generated output.

Audio Response System The method of delivering output by using audible signals and transmitters that simulate a spoken language.

Audit Authority The manager responsible for defining those aspects of a security policy applicable to maintaining a security audit.

Audit Data Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.

Audit Event Detector Function A function that detects the occurrence of security-relevant events. This function is normally an inherent part of the functionality implementing the event.

Audit Log A chronological record of system activities kept for the purpose of later verifying that the security properties of a system have remained intact.

Audit Logging This describes the practice of logging or recording events and activity in order to support audit requirements.

Audit Recorder Function A function that records the security-relevant messages in a security audit trail.

Audit Reduction Tools Pre-processors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance. These tools generally remove records generated by specified classes of events, such as records generated by nightly backups.

Audit Review The independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies or procedures. The assessment of an information system to evaluate the adequacy of implemented security controls, assure that they are functioning properly, identify vulnerabilities, and assist in implementation of new security controls where required. This assessment is conducted annually or whenever significant change has occurred and may lead to recertification of the information system.

Audit Risk The probable unfavorable monetary effect related to the occurrence of an undesirable event or condition.

Audit Trail Analyzer Function A function that checks a security audit trail in order to produce, if appropriate, security alarm messages.

Audit Trail Examiner Function A function that builds security reports out of one or more security audit trails.

Audit Trail A record showing who has accessed an Information Technology (IT) system and what operations the user has performed during a given period. A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result.

Audit In the context of security, a review of a system in order to validate the security of the system. Generally, this either refers to code auditing or reviewing audit logs.

AUI Attachment unit interface.

AUP Acceptable Use Policy. A policy designed to describe the ways in which technology equipment may be used. This can include statements about the required procedures, rights, and responsibilities of the user. A use agreement should be certified by the user’s signature. They can be put in place by schools, employers or in a simple form as a Family Internet Contract. It is a policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet.

AURP AppleTalk Update-Based Routing Protocol.

AUT CM automation.

Authenticate To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to possible unauthorized modification in an automated information system, or establish the validity of a transmitted message.

Authenticate-and-Encrypt When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and encrypts the plaintext, possibly in parallel. This is not secure in the general case.

Authenticated Identity An identity of a principal that has been assured through authentication.

Authenticate-then-Encrypt When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and then encrypts the plaintext concatenated with the MAC tag. This is not secure in the general case, but usually works well in practice.

Authentication Certificate Authentication information in the form of a security certificate which may be used to assure the identity of an entity guaranteed by an authentication authority.

Authentication Code A cryptographic checksum based on an Approved security function.

Authentication Exchange A sequence of one or more transfers of exchange authentication information (AI) for the purposes of performing an authentication.

Authentication Header An IPsec protocol that provides data origin authentication, packet integrity, and limited protection from replay attacks.

Authentication Initiator The entity which starts an authentication exchange.

Authentication Mechanism Hardware- or software-based mechanisms that force users to prove their identity before accessing data on a device. Hardware- or software-based mechanisms that force users, devices, or processes to prove their identity before accessing data on an information system.

Authentication Method Method for demonstrating knowledge of a secret. The quality of the authentication method, its strength, is determined by the cryptographic basis of the key.

Authentication Mode A block cipher mode of operation that can provide assurance of the authenticity and, therefore, the integrity of data.

Authentication Period The maximum acceptable period between any initial authentication process and subsequent re-authentication processes during a single terminal session or during the period data is being accessed.

Authentication Protocol A defined sequence of messages between a Claimant and a Verifier that demonstrates that the Claimant has possession and control of a valid token to establish his/her identity, and optionally, demonstrates to the Claimant that he or she is communicating with the intended Verifier. A well-specified message exchange process between a claimant and a verifier that enables the verifier to confirm the claimant’s identity.

Authentication Tag A pair of bit strings associated to data to provide assurance of its authenticity.

Authentication Token Authentication information conveyed during an authentication exchange.

Authentication The act of identifying or verifying the eligibility of a station, originator, or individual to access specific categories of information. Typically, a measure designed to protect against fraudulent transmissions by establishing the validity of a transmission, message, station, or originator. This is the act of confirming that an entity (e.g. person, process, organisation) is who or what it claims to be, generally by presentation of some shared knowledge (e.g. a password), a unique token (e.g. a passport) or evidence of some independent validation (e.g. an SSL certificate). It is generally accepted that there are three main 'factors' that can be used for authentication: Something you know, for example a password, your Mother's maiden name, a PIN, etc.; Something you have, for example a key, a token, a swipe card, etc.; Something you are, physical, biological or behavioural aspects such as your fingerprints, iris, facial image, etc.

Authority Person(s) or established bodies with rights and responsibilities to exert control in an administrative sphere.

Authorization Boundary All components of an information system to be authorized for operation by an authorizing official, excluding separately authorized systems to which the information system is connected.

Authorization Policy A set of rules, part of an access control policy, by which access by security subjects to security objects is granted or denied. An authorization policy may be defined in terms of access control lists, capabilities or attributes assigned to security subjects, security objects or both.

Authorization Authorization is the process of determining whether an authenticated subject (a user) can see, change, delete or take other actions upon data. This phase of security admits only legitimate user access to systems, data, applications or networks. After the user is authenticated, he or she is authorized, that is, granted access to a network resource. An identification number or password that is used to gain access to a local or remote computer system.

Authorized Access List A list developed and maintained by the information systems security officer of personnel who are authorized unescorted access to the computer room.

Authorized Vendor Manufacturer of information assurance equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. government organizations or U.S. government contractors.

Authorizing Official Designated Representative An organizational official acting on behalf of an authorizing official in carrying out and coordinating the required activities associated with security authorization.

Authorizing Official Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.

Autofilter Function Filters a list and allows you to hide all the rows in a list except those that match criteria you specify.

Automated Key Transport The transport of cryptographic keys, usually in encrypted form, using electronic means such as a computer network (e.g., key transport/agreement protocols).

Automated Password Generator An algorithm which creates random passwords that have no association with a particular user.

Automated Security Monitoring The use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the information system.

Automatic Remote Rekeying Procedure to rekey a distant crypto-equipment electronically without specific actions by the receiving terminal operator.

Autonomy The ability of an intelligent agent to act without your telling it every step to take.

Autorun Worms These are malicious programs that run via external storage devices. These programs take advantage of the autorun feature of Windows, hence they are known as autorun worms.

AVA Vulnerability assessment assurance class.

Availability Formula This formula is used to calculate how reliable the equipment that is being installed will be for a particular application.

Availability The property of being accessible and useable upon demand by an authorized entity; ensuring timely and reliable access to and use of information.

Avatar The term used to refer to the graphical representation of a person’s alter ego, common in many role playing games and social networking sites.

AVP Authorized Vendor Program. Program in which a vendor, producing an information systems security (INFOSEC) product under contract to NSA, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. Eligible buyers are typically U.S. government organizations or U.S. government contractors. Products approved for marketing and sale through the AVP are placed on the Endorsed Cryptographic Products List (ECPL).

AVS Anti-Virus Software. Application software deployed at multiple points in an IT architecture, defending against viruses, Trojans, worms and spyware. Anti-virus software monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents by using a scanner to identify programs that are or may be malicious. Scanners can detect known viruses, previously unknown viruses and suspicious files, sometimes removing or neutralizing the malicious code.

Awareness Awareness programs set the stage for training by changing organizational attitudes toward realization of the importance of security and the adverse consequences of its failure.

Awareness, Training, and Education Controls Awareness programs that set the stage for training by changing organizational attitudes to realize the importance of security and the adverse consequences of its failure; training that teaches people the skills that will enable them to perform their jobs more effectively; and education that is targeted for IT security professionals and focuses on developing the ability and vision to perform complex, multidisciplinary activities.

AWB Anonymous Web Browsing. Services that hide the user's identity from the Web sites the user visits.

B2B marketplace An internet-based service that brings together many buyers and sellers.

B2B Business to Business.

B2C Business to Consumer.

B8ZS Bipolar 8 Zero Substitution. A technique used to accommodate the density requirement for digital T-carrier facilities in the public network, while allowing 64 kbps clear data per channel.

Backbone Network A network that interconnects various computer networks and mainframe computers in an enterprise. The backbone provides the structure through which computers communicate.

Backbone A primary transit network or series of networks, designed to carry data between different local area networks. A backbone generally has greater data carrying capacity, or bandwidth, than the networks connected to it. The Internet Backbone is the interconnection of high-speed networks, primarily government, commercial telecommunications and academic networks that route data for public Internet users.

Backdoor A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions. Typically unauthorized hidden software or hardware mechanism used to circumvent security controls; a method of regaining remote control of a victim's computer by reconfiguring installed legitimate software or the installation of a specialized program designed to allow access under attacker-defined conditions. Some backdoors exist in commercially-provided software packages; e.g., consistent (canonical) passwords for third-party software accounts. Alternatively, backdoors can be inserted into an existing program or system to provide unauthorized access later. For example, the developer of a telephone exchange could incorporate a means by which they can make free calls, or a software developer may include code allowing them to access information supposedly protected from unauthorised access by that software. Trojan horse programs and rootkits often contain backdoor components.

Backing Up The procedure for making extra copies of data in case the original is lost or damaged.

Backoff The (usually random) retransmission delay enforced by contentious MAC protocols after a network node with data to transmit determines that the physical medium is already in use.

Back-Propagation Neural Network A neural network trained by someone.

Backtracking Resistance Backtracking resistance is provided relative to time T if there is assurance that an adversary who has knowledge of the internal state of the Deterministic Random Bit Generator (DRBG) at some time subsequent to time T would be unable to distinguish between observations of ideal random bitstrings and (previously unseen) bitstrings that were output by the DRBG prior to time T. The complementary assurance is called Prediction Resistance.

Backup and Recovery The ability to recreate current master files using appropriate prior master records and transactions.

Backup Designated Router A backup designated router (BDR) is a router that becomes the designated router if the current designated router has a problem or fails. The BDR is the OSPF router with second highest priority at the time of the last election.

Backup Operation A method of operation used to complete essential tasks (as identified by risk analysis) subsequent to the disruption of the information processing facility and continuing to do so until the facility is sufficiently restored.

Backup Procedures Provisions made for the recovery of data files and program libraries and for the restart or replacement of computer equipment after the occurrence of a system failure or disaster.

Backup A backup is created during the process of making copies of important data or files to other storage media (CDs / USBs) or to an online ‘cloud’ storage location, in order to facilitate recovery, if necessary. File copies that are saved as protection against loss, damage or unavailability of the primary data. Saving methods include high-capacity tape, separate disk sub-systems or on the Internet. Off-site backup storage is ideal, sufficiently far away to reduce the risk of environmental damage such as flood, which might destroy both the primary and the backup if kept nearby.

Backward Chaining A process related to an expert system inference engine that starts with a hypothesis and attempts to confirm that the hypothesis is consistent with information in the knowledge base.

Badware Malware, Adware and Spyware.

Bandwidth A measure of the amount of data (speed) that can be transferred through an Internet connection during a given timeframe. The rate at which information travels through a network connection, usually measured in bits per second, kilobits (thousand bits) per second, or megabits (million bits) per second. Bandwidth theft describes the act of using a network to access the internet without authorisation and can often occur on a wireless network that has not been properly secured with strong encryption and a long passphrase. It denotes the capacity of a communication channel to pass data such as text, images, video or sound through the channel in a given amount of time. Usually expressed in bits per second.

Banner Ad Banner Advertisement. A small ad on one Web site that advertises the products and services of another business. Usually a graphical advert on a website linked to the paying advertiser’s own external website.

Banner Grabbing The process of capturing banner information such as application type and version that is transmitted by a remote port when a connection is initiated.

Banner Display on an information system that sets parameters for system or data use.

Bar Code Reader Captures information that exists in the form of vertical bars whose width and distance from each other determine a number.

Bar Code A series of solid bars of different widths used to encode data. Special optical character recognition (OCR) devices can read this data.

Base 64 A method for encoding binary data into printable ASCII strings. Every byte of output maps to six bits of input (minus possible padding bytes).

Baseband A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (cable) is utilized for a single channel. It uses a single carrier frequency and requires all stations attached to the network to participate in every transmission.

Baseline Architecture A complete list and description of equipment that can be found in operation today.

Baseline Configuration A set of specifications for a system, or Configuration Item (CI) within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.

Baseline Security The minimum security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity, and/or availability protection.

Baseline A set of critical observations or data used for a comparison or control. Examples include a baseline security policy, a baseline set of security requirements, and a baseline system. Usually, it is hardware, software, databases, and relevant documentation for an information system at a given point in time.

Baselining Monitoring resources to determine typical utilization patterns so that significant deviations can be detected.

Bash board An online bulletin board or chat room where users can anonymously post messages.

Bashing A series of harsh online written attacks.

Basic Rate Interface (BRI) Supports a total signaling rate of 144 kbps, which is divided into two B or bearer channels running at 64 kbps, and a D or data channel running at 16 kbps. The bearer channels carry the actual voice, video, or data information and the D channel is used for signaling.

Basic Testing A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object.

Basic Text Formatting Tag HTML tags that allow you to specify formatting for text.

BASIC Beginner's All-Purpose Symbolic Instruction Code. A programming language designed in the 1960s to teach students how to program and to facilitate learning. The powerful language syntax was designed especially for time-sharing systems.

Bastion Host A special purpose computer on a network specifically designed and configured to withstand attacks.

Batch Control A computer information processing technique in which numeric fields are totaled and records are tabulated to provide a comparison check for subsequent processing results.

Baud In common usage the "baud" of a modem is how many bits it can send or receive per second. Technically, baud is the number of times per second that the carrier signal shifts value; for example, a 1200 bit-per-second modem actually runs at 300 baud, but it moves 4 bits per baud (4 x 300 = 1200 bits per second).

Bayesian Belief Network Graphical networks that represent probabilistic relationships among variables. The nodes represent uncertain variables and the arcs represent the causal/relevance relationships between the variables. The probability tables for each node provide the probabilities of each state of the variable for that node, conditional on each combination of values of the parent node.

BBS Bulletin Board System. A computerized meeting and announcement system that allows people to carry on discussions, upload and download files, and make announcements without the people being connected to the computer at the same time. In the early 1990s there were many thousands of BBSs around the world, most were very small, running on a single IBM clone PC with 1 or 2 phone lines. Some were very large and the line between a BBS and a system like AOL gets crossed at some point, but it is not clearly drawn. A BBS is not part of the Internet.

BCBSA Blue Cross and Blue Shield Association.

BCP (1) Business Continuity Plan(ning).

BCP (2) Best Current Practices.

BCP Business Continuity Plan; Business Continuity Planning. The documentation of a predetermined set of instructions, procedures and plans that are activated during or following a disaster or other adverse event to ensure that critical business functions can continue and remain available to those that need to access them (whether this is internal personnel, customers, suppliers or regulatory bodies). The scope of the planning activities will vary widely, depending on the business, and may include simple day-to-day tasks such as project management, system backups, change control, etc.

BDR Backup Designated Router.

Beaconing A process whereby a system (typically a victim) sends a contact message to another system (usually an intruder's control system). This process is done to notify an intruder that a system is active and remains infected.

Beamwidth The width of the main lobe of an antenna pattern, usually defined as 3 dB down from the peak of the lobe.

BECN Backward Explicit Congestion Notification (Frame Relay).

Behavior Monitoring Observing the activities of users, information systems, and processes and measuring those activities against baselines of normal activity, thresholds, and trends, as well as organizational policies and rules.

Behavioral Outcome What an individual who has completed the specific training module is 


expected to be able to accomplish in terms of IT security-related job performance. 


Behaviorally Object-Oriented The data model incorporates features to define arbitrarily complex object 
types together with a set of specific operators (abstract data types). 


Benchmark Test A simulation evaluation conducted before purchasing or leasing equipment to determine 


how well hardware, software, and firmware perform. 


Benign Environment A non-hostile location protected from external hostile elements by 


physical, personnel, and procedural security countermeasures. 


Benign System A system that is not related to any other system. Benign systems are closed communities 
without physical connection or logical relationship to any other system. Benign systems are operated exclusive 


of one another and do not share users, information, or end processing with other systems. 
BER Bit Error Rate 


BES Bulk Electric Systems. BES are generation and transmission facilities and their control systems that are part of the North American interconnected power grid. They generally operate at 100 kilovolts or more.

Bespoke Learning Materials Materials that are designed and tailored to meet an organization’s specific learning needs and outcomes.

Best Current Practices The newest subseries of RFCs that are written to describe Best Current Practices in the Internet.

Best Practices The processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organization's performance and efficiency in specific areas. Successfully identifying and applying best practices can reduce business expenses and improve organizational efficiency.

Best-Effort QoS The lowest of all QoS traffic classes. If the guaranteed QoS cannot be delivered, the bearer network delivers the QoS that it can, which is called best-effort QoS.

Best-Effort Service A service model that provides minimal performance guarantees, allowing an unspecified variance in the measured performance criteria.

Botnet Herder One of the names for the controller or operator of a botnet.

Between-the-Lines Entry Access obtained through the use of active wiretapping by an unauthorized user to a momentarily inactive terminal of a legitimate user assigned to a communications channel.

BGP Border Gateway Protocol.

BIA (1) Business Impact Analysis.

BIA (2) Burned-In Address.

Big Endian Refers to machines representing words most significant byte first. While x86 machines do not use big endian byte ordering (instead using little endian), the PowerPC and SPARC architectures do. This is also network byte order.

BIL Business Impact Level.

Billing A function whereby CDRs generated by the charging function are transformed into bills requiring payment.

BIN Bank Identification Number. The first six digits (or more) of a payment card number that identifies the financial institution that issued the payment card to the cardholder.

Binary digit A state or function represented by the digit 0 or 1.

Binary Where only two values or states are possible for a particular condition, such as “on” or “off” or “1” or “0.” Binary is the way digital computers function because it represents data as on or off. Also commonly used to refer to files that are not simply text files (e.g. images).

Binding An acknowledgement by a trusted third party that associates an entity’s identity with its public key. This may take place through (1) a certification authority’s generation of a public key certificate, (2) a security officer’s verification of an entity's credentials and placement of the entity’s public key and identifier in a secure database, or (3) an analogous method. Also, the process of associating a specific communications terminal with a specific cryptographic key or associating two related elements of information.

Biometric Access Control A system of Access Control that uses biometric factors to permit (or deny) access to protected facilities or systems. For example, fingerprint readers on doors or facial recognition on laptops.

Biometric Information The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g., patterns).

Biometric System An automated system capable of 1) capturing a biometric sample from an end user; 2) extracting biometric data from that sample; 3) comparing the extracted biometric data with data contained in one or more references; 4) deciding how well they match; and 5) indicating whether or not an identification or verification of identity has been achieved. It is a pattern recognition system that establishes the authenticity of a specific physiological or behavioral characteristic possessed by a user.

Biometric A measurable physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics.

Biometrics Biometrics is a term for processes and techniques that endeavour to uniquely identify individuals based on physical or behavioural traits. These may be physiological, for example, fingerprints, iris patterns, facial images, DNA, etc. or behavioural, for example gait, vocal patterns, handwriting, etc. Biometrics is the study of measurable biological characteristics, used in computer security applications as an authentication technique. Most commonly, biometrics used in computer security systems entails computer analysis of fingerprints or speech. Biometrics is expected to become increasingly important in e-business transactions, as an effective way to detect fraudulent users. It is developed as a security technique that verifies an individual’s identity by analyzing a unique physical attribute, such as a handprint.

BIOS The BIOS is built-in software that determines what a computer can do without accessing programs from a disk. On PCs, the BIOS contains all the code required to control the keyboard, display screen, disk drives, serial communications, and a number of miscellaneous functions.

Birthday Attack Take a function f() that seems to map an input to a random output of some fixed size (a pseudo-random function or PRF). A birthday attack is simply selecting random inputs for f() and checking to see if any previous values gave the same output. Statistically, if the output size is S bits, then one can find a collision in 2^(S/2) operations, on average.

B-ISDN Broadband ISDN.

Bit Error Rate Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system. The probability that a particular bit will have the wrong value.

Bit Map A specialized form of an index indicating the existence or nonexistence of a condition for a group of blocks or records. Although they are expensive to build and maintain, they provide very fast comparison and access facilities.

Bit Mask A pattern of binary values that is combined with some value using bitwise AND, with the result that bits in the value in positions where the mask is zero are also set to zero.

Bit Rate This is the speed at which bits are transmitted on a circuit, usually expressed in bits per second.

Bit A contraction of the term Binary Digit. This is the smallest unit of information in a binary system of notation; the smallest unit of information storage. A binary digit having a value of 0 or 1.

BIT Built-In Test.

Bitcoin A type of digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, operating independently of a central bank. Many bitcoin transactions are associated with illegal, dark web activity, but not all.

Bit-Flipping Attack In a stream cipher, flipping a bit in the ciphertext flips the corresponding bit in the plaintext. If a message authentication code (MAC) is used, such attacks are not practical.

BitLocker BitLocker is a full disk encryption feature included with Microsoft Windows Vista and later. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.

Bits Per Second This is a measurement of how fast data is moved from one place to another, i.e. the speed at which bits are sent during data transmission. A 56K modem can move about 57,000 bits per second.

Bit-Stream Image Bit-stream backups involve all areas of a computer hard disk drive or another type of storage media. Such backups exactly replicate all sectors on a given storage device. Thus, all files and ambient data storage areas are copied.

Black Box A method of penetration testing in which the hacker is given no prior information other than a target network or computer system to hack.

Black Core This is a communication network architecture in which user data traversing a global IP network is end-to-end encrypted at the IP layer; also related to striped core.

Black Hat Hacker An individual with extensive computer knowledge whose purpose is to breach or bypass internet security. The general view is that, while hackers build things, crackers break things.

Black Hat SEO Black hat search engine optimization refers to a backhanded method of garnering a higher ranking in search engines. The practice is understandably frowned upon by search engines, and the perpetrating sites are punished accordingly. Common techniques include spamdexing, hidden text, and cloaking.

Black Hat A black hat is a computer hacker who works to harm others (e.g., steal identities, spread computer viruses, install bot software).

Black Holing A method typically used by ISPs to stop a DDoS attack on one of its customers. This approach to blocking DDoS attacks makes the site in question completely inaccessible to all traffic, both malicious attack traffic and legitimate user traffic.

Black In the information processing context, black denotes data, text, equipment, processes, systems or installations associated with unencrypted information that requires no emanations security related protection. For example, electronic signals are “black” if bearing unclassified information.

Blacklist A list of computers, IP addresses, user names or other identifiers to block from access to a computing resource.

Blacklisting Software A form of filtering that blocks only websites specified as harmful. Parents and employers sometimes use such software to prevent children and employees from visiting certain websites. You can add and remove sites from the “not permitted” list. This method of filtering allows for fuller use of the Internet, but is less effective at preventing access to any harmful material that is not on the list.

Blacklisting The process of the system invalidating a user ID based on the user’s inappropriate actions. A blacklisted user ID cannot be used to log on to the system, even with the correct authenticator. Blacklisting and lifting of a blacklisting are both security-relevant events. Blacklisting also applies to blocks placed against IP addresses to prevent inappropriate or unauthorized use of Internet resources.

Blended Attack A hostile action to spread malicious code via multiple methods.

Blended Threat A computer network attack that seeks to maximize the severity of damage and speed of contagion by combining methods, for example using characteristics of both viruses and worms.

Blind Scheme An extraction process method that can recover the hidden message by means only of the encoded data.

Blinding Generating network traffic that is likely to trigger many alerts in a short period of time, to conceal alerts triggered by a “real” attack performed simultaneously.

Block Cipher Algorithm A family of functions and their inverses that is parameterized by a cryptographic key; the function maps bit strings of a fixed length to bit strings of the same length. A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.

Block Cipher A method of encrypting text to produce ciphertext in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time.

Block Structure In programming, a segment of code that can be treated as an independent module.

Block (1) Sequence of binary bits that comprise the input, output, State, and Round Key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes. (2) To stop a computer from reaching something on the Internet, or to stop someone from contacting you.

Blocking factor The number of records appearing between interblock gaps on magnetic storage media.

Blog Web log.

Blowfish A block cipher with 64-bit blocks and variable length keys, created by Bruce Schneier. This cipher is infamous for having slow key-setup times.

BLP Bypass Label Processing.

Blue Team (1) The group responsible for defending an enterprise’s use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks (a) over a significant period of time, (b) in a representative operational context (e.g., as part of an operational exercise), and (c) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e. the White Team). (2) The term Blue Team is also used for defining a group of individuals that conduct operational network vulnerability evaluations and provide mitigation techniques to customers who have a need for an independent technical review of their network security posture. The Blue Team identifies security threats and risks in the operating environment, and in cooperation with the customer, analyzes the network environment and its current state of security readiness. Based on the Blue Team findings and expertise, they provide recommendations that integrate into an overall community security solution to increase the customer's cyber security readiness posture. Often a Blue Team is employed by itself or prior to a Red Team employment to ensure that the customer's networks are as secure as possible before having the Red Team test the systems.

Bluetooth Technology that provides entirely wireless connections for all kinds of communication devices. It is an industry standard for short-range wireless connections between devices like mobile phones, headsets, computers and PDAs.

Body One of four possible components of a message. Other components are the headings, attachment, and the envelope.

BoE Body of Evidence. The set of data that documents the information system's adherence to the security controls applied. The BoE will include a Requirements Verification Traceability Matrix (RVTM) delineating where the selected security controls are met and evidence to that fact can be found. The BoE content required by an Authorizing Official will be adjusted according to the impact levels selected.

Bookmark Similar to a real-life bookmark, an Internet bookmark acts as a marker for a web page.

Bootleg An unauthorized recording of a live or broadcast performance. They are duplicated and sold without the permission of the artist, composer or record company.

BOOTP Bootstrap Protocol.

Border Router A device located at the organization’s boundary to an external network.

Bot Master The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet.

Bot A single compromised computer (a robot computer), sometimes called a zombie. A program covertly installed on a user's machine to allow an unauthorized user to remotely control the targeted system through a communication channel. These channels allow the remote attacker to control a large number of compromised computers in a botnet, which can then be used to launch coordinated attacks. Attackers can use bots to perform a variety of tasks, such as setting up denial of service attacks against an organization's website, distributing spam, spyware and adware, phishing attacks, propagating malicious code, and harvesting confidential information.

Bote-Swaine Cipher A steganographic cipher used by Francis Bacon to insert his name within the text of his writings.

Botnet A network of computers that have been penetrated, compromised, and programmed to operate on the commands of an unauthorized remote user, usually without the knowledge of their owners or operators. The network of “robot” computers can then be manipulated by the remote actor to commit attacks on other systems. The computers on botnets are frequently referred to as “zombies” and are often employed in distributed denial of service attacks. Sometimes millions of infected machines can be remotely controlled by malicious actors. A single infected computer may be referred to as a zombie computer. The owner of a remotely controlled computer is often unaware of the infection. The owners of a botnet may use the combined network processing power and bandwidth to send SPAM, install malware and mount DDoS attacks, or may rent out the botnet to other malicious actors.

Boundary Protection Device A device with appropriate mechanisms that (1) facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system); and/or (2) provides information system boundary protection. A device with appropriate mechanisms that facilitates the adjudication of different security policies for interconnected systems.

Boundary Protection Monitoring and control of communications at the external boundary of an information system to prevent and detect malicious and other unauthorized communication, through the use of boundary protection devices (e.g., proxies, gateways, routers, firewalls, guards, encrypted tunnels).

Boundary Logical and physical controls to define a perimeter between the organization and the outside world.

Bounds Checking The testing of computer program results for access to storage outside of its authorized limits.

Bounds Register A hardware or firmware register that holds an address specifying a storage boundary.

BP Business Partner.

BPDU Bridge Protocol Data Unit.

BPS Bits Per Second.

BPSS Baseline Personnel Security Standard. A standard issued under the Security Policy Framework that defines a baseline level of personnel vetting, allowing organisations to place a degree of trust in their staff. Consists primarily of verifying an individual's identity and a few years' worth of their residential and work history.

BR Backbone Router. A backbone router has an interface to the backbone area. Backbone routers may also be area routers, but do not have to be.

Branch An alteration of the normal sequential execution of program statements.

Breach A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.

Breakers In electric substations, circuit breakers act as safety switches to protect workers and equipment during an emergency by automatically stopping electric current flowing through a power line.

Brevity Lists A coding system that reduces the time required to transmit information by representing long, stereotyped sentences with only a few characters.

BRI Basic Rate Interface (ISDN).

Bridge Data link layer device developed in the early 1980s to connect local area networks (LANs) or create two separate LAN or wide area network (WAN) network segments from a single segment to reduce collision domains. A bridge acts as a store-and-forward device in moving frames toward their destination. This is achieved by analyzing the MAC header of a data packet, which represents the hardware address of an NIC.

Broadband General term used to refer to high-speed network connections. There are a wide variety of broadband technologies available, for example, fibre optic, ADSL, DSL or wireless. It is characteristic of any network that multiplexes multiple, independent network carriers onto a single cable. Broadband technology allows several networks to coexist on one single cable; traffic from one network does not interfere with traffic from another because the conversations happen on different frequencies in the “ether,” rather like the commercial radio system. These types of “always on” Internet connections are actually more susceptible to some security threats than computers that access the Web via dial-up service.

Broadcast Storm A condition that can occur on broadcast type networks such as Ethernet. This can happen for a number of reasons, ranging from hardware malfunction to configuration error and bandwidth saturation.

Broadcast A method to distribute information to multiple recipients simultaneously. In such a packet delivery system, a copy of a given packet is given to all hosts attached to the network.

Brouter A concatenation of “bridge” and “router.” Used to refer to devices that perform both bridging and routing.

Browser Cookies Cookies are text retained on computers by browsers containing information filled into websites. A cookie may be used to remember a username, for example, so that the name will autofill on the user's next visit. Cookies may be disabled, or cookie options customized, due to privacy concerns.

Browser Hijackers Browser hijackers change the default home and search pages in your Internet browser. Some websites run a script that changes the settings in your browser without your permission. This hijacker can add shortcuts to your "Favourites" folder or, more seriously, can change the page that is first displayed when you open the browser. You may find that you cannot change your browser's start page back to your chosen site.

Browser Web Browser.

Browser-Safe Colors A range of 216 colors that can be represented using 8 bits and are visible in all browsers.

Browsing The act of searching through information system storage or active content to locate or acquire information, without necessarily knowing the existence or format of information being sought.

Brute Force Attack A form of cryptanalysis in which an exhaustive password-cracking procedure tries all possible combinations of passwords or encryption keys in an attempt to crack an encryption scheme or login system until the correct one is found.

Brute Force Password Attack A method of accessing an obstructed device through attempting multiple combinations of numeric and/or alphanumeric passwords.

Brute Force The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found.

BS Baseline Standard (clearance/vetting), Baseline Personnel Security Standard.

BSP Biometric Service Provider.

BSS Basic Service Set. A Basic Service Set is a set of 802.11-compliant stations that operate as a fully connected wireless network.

Buddy List A collection of names/screen names that represent friends within an instant messaging, chat program or social networking site. The list enables designated users to know when their "buddy" is on-line so that both can easily communicate.

Buffer Overflow Attack A method of overloading a predefined amount of space in a buffer, which can potentially overwrite and corrupt data in memory.

Buffer Overflow A condition at an interface under which more input can be placed into a buffer or data-holding area than the capacity allocated, overwriting other information. It occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

Buffer A temporary storage area, usually in RAM. The purpose of most buffers is to act as a holding area, enabling the CPU to manipulate data before transferring it to a device. Because the processes of reading and writing data to a disk are relatively slow, many programs keep track of data changes in a buffer and then copy the buffer to a disk. For example, word processors employ a buffer to keep track of changes to files. Then when you save the file, the word processor updates the disk file with the contents of the buffer. This is much more efficient than accessing the file on the disk each time you make a change to the file. Note that because your changes are initially stored in a buffer, not on the disk, all of them will be lost if the computer fails during an editing session. For this reason, it is a good idea to save your file periodically. Most word processors automatically save files at regular intervals. Another common use of buffers is for printing documents. When you enter a PRINT command, the operating system copies your document to a print buffer (a free area in memory or on a disk) from which the printer can draw characters at its own pace. This frees the computer to perform other tasks while the printer is running in the background. Print buffering is called spooling. Most keyboard drivers also contain a buffer so that you can edit typing mistakes before sending your command to a program. Many operating systems, including DOS, also use a disk buffer to temporarily hold data that they have read from a disk. The disk buffer is really a cache.

Bug Bounty Program A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse. Bug bounty programs have been implemented by Facebook, Yahoo!, Google, Reddit, Square, and Microsoft.

Bug A coded program statement containing a logical or syntactical error. It is an unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.

Build Security In A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.

Built-In Test A design feature that provides information on the ability of the item to perform its intended functions. BIT is implemented in software or firmware and may use or control BIT equipment (BITE).

Bulk Encryption Simultaneous encryption of all channels of a multichannel telecommunications link.

Bullet-Proof Hosting A company that guarantees that its servers will not be shut down even when the request to do so comes from law enforcement agencies. These hosting companies are often located off-shore or in nations where computer crime laws are lax or non-existent and where extradition requests will not be honoured.

Bullying Bullying occurs when an individual (or group) with more power repeatedly and intentionally uses negative words and/or actions against another individual or group that cause distress and create a risk to wellbeing.

Burn Box A device used to destroy computer data. Usually a box with magnets or electrical current that will degauss disks and tapes.

Burst The separation of multiple-copy printout forms into individual sheets.

Bus structure A network topology in which nodes are connected to a single cable with terminators at each end.

Bus An electrical connection that allows two or more wires or lines to be connected together. Typically, all circuit cards receive the same information that is put on the bus, but only the card the information is “addressed” to will use that data.

Business Continuity Management Preparing for and maintaining continued business operations following disruption or crisis.

Business Continuity The ability to maintain operations and services, both technology and business, in the event of a disruption to normal operations and services. Ensures that any impact or disruption of services is within a documented and acceptable recovery time period and that systems or operations are resumed at a documented and acceptable point in the processing cycle.

Business Impact Analysis An analysis of an enterprise’s requirements, processes, and interdependencies used to characterize information system contingency requirements and priorities in the event of a significant disruption. It is used to evaluate the criticality and sensitivity of information assets.

Business Impact Level Business Impact Levels are used to quantify and document the level of impact (or criticality) of a breach of Confidentiality, Integrity or Availability of an Information Asset. There are 7 levels of impact, from 0 (no impact) to 6 (critical, including widespread loss of life). The impact concerned can be to individuals, organisations, the country or HMG itself, and can be financial, reputational or personal.

Business Intelligence Knowledge about customers, competitors, partners, and own internal operations.

Business Model A model of a business organization or process.

Business Need-to-Know The principle that access to systems or data is granted on the basis of a user’s business need: only what is necessary for a user’s job function.

Business Partner Business Associate.

Business Process Reengineering The reinventing of a process within a business.

Business Process A standardized set of activities that accomplishes a specific task such as processing a customer’s order.

Business Requirement A detailed knowledge worker request that the system must meet to be successful.

Business to Business Companies whose customers are primarily other businesses.

Business to Consumer Companies whose customers are primarily individuals.

Buyer Agent Shopping Bot. An intelligent agent or application on a Web site that helps customers find the products and services they want.

BYOD Bring Your Own Device. An enterprise policy used to permit partial or full integration of user-owned mobile devices for business purposes.

Bystander Someone who witnesses bullying.

Byte A fundamental unit of computer storage, consisting of eight binary digits (bits) processed together; usually enough to store a single letter or digit.

Byte-Digit Portion Usually, the four rightmost bits in a byte.

C A third-generation computer language used for programming on microcomputers. Most microcomputer software products such as spreadsheets and DBMS programs are written in C.

C&A Certification and accreditation; a comprehensive evaluation of the technical and non-technical security features of a system to determine if it meets specified requirements and should receive approval to operate.

C2 Infrastructure Data Domains, IP addresses, protocol signatures, email addresses, payment card data, etc.

C2 Command and control. The term, in the context of computer network operations, often 


describes a communications method or a component thereof to maintain remote control of an operational 


asset, such as a compromised computer. 

C2W Command and Control Warfare.

CA Certificate authority.

Cable Modem A device that uses a TV cable to deliver an internet connection.

Cable Transmission medium of copper wire or optical fiber wrapped in a protective cover.

CAC Common Access Card. Standard identification/smart card issued by the Department of Defense that has an embedded integrated chip storing public key infrastructure (PKI) certificates.


Cache A component that transparently stores data so that future requests for that data can be served faster. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere. The term cache often refers to the browser cache, which records the most recently downloaded web pages. Every visited webpage and most of its content, including text and graphics, is stored by the computer in the cache. This enables the page to be displayed faster if the user returns to the page later. The cache can be emptied, but the information remains on the hard drive until it is wiped.

CAD Computer-Aided Design. A term used to describe the use of computer technology as applied to the design of problems and opportunities.

CAI Computer-Aided Instruction. The interactive use of a computer for instructional purposes. Software provides educational content to students and adjusts its presentation to the responses of the individual.

Call Any connection (fixed or temporary) capable of transferring information between two or more users of a telecommunications system. In this context, a user may be a person or a machine. It is used for transmission of the content of communication. This term refers to circuit-switched calls only.


Callback A procedure that identifies a terminal dialing into a computer system or network by disconnecting the calling terminal, verifying the authorized terminal against the automated control table, and then, if authorized, reestablishing the connection by having the computer system dial the telephone number of the calling terminal.

Caller Identification One of several custom local area signaling services (CLASS) provided by the local exchange carrier. The service that allows you to see the name and number of the person who is calling you.

Call-Identifying Information Dialing or signaling information that identifies the origin, direction, destination or termination of each communication generated by means of any equipment, facility, or service of a telecommunications carrier.


CAM Computer-Aided Manufacturing. The use of computer technology as applied to the manufacturing of goods and services.
CAN Computer Network Attack. Actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. Also, a category of fires employed for offensive purposes in which actions are taken through the use of computer networks to disrupt, deny, degrade, manipulate or destroy information resident in the target information system or computer networks, or the systems/networks themselves. The ultimate intended effect is not necessarily on the targeted system itself, but may support a larger effort, such as information operations or counter-terrorism.


Canary A piece of data, the absence of which indicates a violation of a security policy. Several tools use a canary for preventing certain stack-smashing buffer overflow attacks.

Canister Type of protective package used to contain and dispense keying material in punched or printed tape form.

CAP CM capabilities.

Capability A token used as an identifier for a resource such that possession of the token confers access rights for the resource.

Capacitor Capacitors provide a means of storing electric charge so that it can be released at a specific time or rate. A capacitor acts as a battery but does not use a chemical reaction.


Capacity Planning The process by which a service provider ensures systems are able to cope with current and future demand, and upgrades them as and when required. Capacity may refer to disk storage, network bandwidth, processing power or any other aspect of a system or network that could be affected by high levels of demand.


CAPEC Common Attack Pattern Enumeration and Classification.

Capture The method of taking a biometric sample from an end user.

Capture-Replay Attacks When an attacker can capture data off the wire and replay it later without the bogus data being detected as bogus.

Card Data At a minimum, card data includes the primary account number (PAN), and may also include cardholder name and expiration date. The PAN is visible on the front of the card and encoded into the card's magnetic stripe and/or the embedded chip.


Cardano's Grille A method of concealing a message in which a piece of paper has several holes cut in it (the grille); when it is placed over an innocent-looking message, the holes cover all but specific letters spelling out the message. It was named for its inventor, Girolamo Cardano.

Carder Someone who steals or trades exclusively in stolen credit card numbers and their associated information.

Cardholder An individual possessing an issued Personal Identity Verification (PIV) card.

Carter-Wegman Counter A parallelizable and patent-free high-level encryption mode that provides both encryption and built-in message integrity.


Cascading Downward flow of information through a range of security levels greater than the accreditation range of a system, network, or component.

CASE Computer-Aided Software Engineering. Tools that automate the design, development, operation, and maintenance of software.


Cash-Out A euphemism that means to steal money from a bank account or credit card to which someone has gained illegal access. Hackers who grab credit card data often do not possess the skills or contacts to launder the money they can steal this way.

CAST5 A block cipher with 64-bit blocks and key sizes up to 128 bits. It is patent-free and generally considered sound, but modern algorithms with larger block sizes are generally preferred (e.g., AES).


Cat Fishing Refers to an individual assuming a false identity online, in particular to pursue emotional/romantic relationships in the virtual world. Common on social networking and online dating sites. Sometimes a catfish's sole purpose is to engage in a fantasy, but sometimes the catfish's intent is to defraud a victim, seek revenge or commit identity theft.

Category Restrictive label applied to classified or unclassified information to limit access.

Cathode-Ray Tube The display device for computer terminals, typically a television-like electronic vacuum tube.

Cause (1) Technical: the action or condition by which a hazardous event (physical or cyber) is initiated; an initiating event. The cause may arise as the result of failure, accidental or intentional human error, design inadequacy, induced or natural environment, system configuration, or operational modes/states. (2) Legal: each separate antecedent of an event. Something that precedes and brings about an effect or result. A reason for an accident or condition.


Cave Cave automatic virtual environment. Special 3-D virtual reality room that can display images of other people and objects located in other caves all over the world.

Cavity Virus A cavity virus attempts to install itself inside of the file it is infecting. Some program files, for a variety of reasons, have empty space inside of them. This empty space can be used to house virus code. A cavity virus attempts to install itself in this empty space while not damaging the actual program itself. An advantage of this is that the virus then does not increase the length of the program and can avoid the need for some stealth techniques. The Lehigh virus was an early example of a cavity virus.


CAW Certification Authority Workstation. Commercial off-the-shelf (COTS) workstation with a trusted operating system and special-purpose application software that is used to issue certificates.

CBC Cipher Block Chaining.

CBC-MAC Cipher Block Chaining-Message Authentication Code. A secret-key block-cipher algorithm used to encrypt data and to generate a Message Authentication Code (MAC) to provide assurance that the payload and the associated data are authentic.


CBEFF Common biometric exchange file format; being defined by the U.S. biometric consortium and ANSI X9F4 subcommittee.

CBR Constant bit rate.

CC (1) Common Criteria; ISO/IEC 15408.


Xingan Li & Peilin Li 


CC (2) Content of Communication. Information exchanged between two or more users of a telecommunications service, excluding intercept related information (IRI). This includes information which may, as part of some telecommunications service, be stored by one user for subsequent retrieval by another.

CC (3) Counter Cyber. A mission that integrates offensive and defensive operations to attain and maintain a desired degree of cyberspace superiority. Counter-cyber missions are designed to disrupt, negate, and/or destroy adversarial cyberspace activities and capabilities, both before and after their employment.

CCA Vulnerability analysis, covert channel analysis.


CCB Configuration Control Board. A group of qualified people with responsibility for the process of regulating and approving changes to hardware, firmware, software, and documentation throughout the development and operational life cycle of an information system.

CCE Common Configuration Enumeration. A SCAP specification that provides unique, common identifiers for configuration settings found in a wide variety of hardware and software products.

CCEP Commercial COMSEC Evaluation Program. Relationship between NSA and industry in which NSA provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a Type 1 or Type 2 product. Products developed under the CCEP may include modules, subsystems, equipment, systems, and ancillary devices.

CCF Common Cause Failure.


CCI Equipment Controlled Cryptographic Item Equipment. Telecommunications or information handling equipment that embodies a CCI component or CCI assembly and performs the entire COMSEC function without dependence on host equipment to operate.

CCI Assembly Controlled Cryptographic Item Assembly. Device embodying a cryptographic logic or other COMSEC design that NSA has approved as a Controlled Cryptographic Item. It performs the entire COMSEC function, but depends upon the host equipment to operate.

CCM Counter with Cipher Block Chaining-Message Authentication Code. A mode of operation for a symmetric key block cipher algorithm. It combines the techniques of the Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC) algorithm to provide assurance of the confidentiality and the authenticity of computer data.


CCO Cisco Connection Online.

CCP Compression Control Protocol.

CCS Common Channel Signaling.

CCSS Common Configuration Scoring System. A SCAP specification providing a set of measures of the severity of software security configuration issues.

CCTV Closed-Circuit Television.

CDDI Copper Distributed Data Interface.
CDMA Code Division Multiple Access. A technique permitting the use of a single frequency band by a number of users. Users are allocated a sequence that uniquely identifies them.

CDP Cisco Discovery Protocol.

CDR Charging Data Record. A formatted collection of information about a chargeable event (e.g., time of call set-up, duration of the call, amount of data transferred, etc.) for use in billing and accounting. For each party to be charged for parts of or all the charges of a chargeable event, a separate CDR shall be generated, i.e., more than one CDR may be generated for a single chargeable event, e.g., because of its long duration or because more than one charged party is to be charged.


CD-R Compact Disc-Recordable. An optical or laser disc that offers one-time writing capability with about 700 MB or greater of storage.

CD-ROM A compact disk, similar to an audio compact disk, which is used to store computer information (e.g., programs, data, or graphics).

CD-RW Compact Disc-Rewritable. A CD that offers unlimited writing and updating capabilities.

CDS Cross Domain Solution. A form of controlled interface that provides the ability to manually and/or automatically access and/or transfer information between different security domains.

CDSA Common Data Security Architecture. CDSA denotes the overall security infrastructure for all components of the computer system or network, employing many security applications. A CDSA is based on cryptology and digital certificate management, and can support a variety of programming environments. Typically, a CDSA is made up of four layers, ranging from the bottom layer of the service provider modules' basic security programs, to the top layer, which includes secure digital certificate-based transactions.

CE Covered Entity.


CEFACT United Nations Centre for Facilitation of Procedures and Practices for Administration, Commerce, and Transport (UN/CEFACT).

Cell Sites A transmitter-receiver location, operated by the wireless service provider, through which radio links are established between the wireless system and the wireless unit.

Cellular Service Cellular mobile telephone system. A wireless telephone system using multiple transceiver sites linked to a central computer for coordination.

CEN European Center for Standardization, or Comité Européen de Normalisation.

CEng Chartered Engineer.

Central Office of Record (COR) Office of a federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight.

Central Services Node The Key Management Infrastructure core node that provides central security management and data management services.

CEO Chief executive officer.

CEPS Common electronic purse specifications; a standard used with smartcards.

CER Crossover Error Rate. A comparison metric for different biometric devices and technologies; the error rate at which FAR equals FRR. The lower the CER, the more accurate and reliable the biometric device.

CERN European Laboratory for Particle Physics. Birthplace of the World Wide Web.

CERT Computer Emergency Response Team. A group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems.

CERT/CC Computer emergency response team coordination center, a service of CMU/SEI.


Certificate Authority Certification Authority. A trusted third party that associates a public key with proof of identity by producing a digitally signed certificate. In the pre-Internet world, every secure transaction involved a trusted third party -- such as a notary, attorney or broker -- who could guarantee that both parties were who they purported to be. A Certificate Authority (CA) fills that same role in the digital world. A CA vendor, such as VeriSign or Entrust, issues certificates that contain the identities and affiliations of individuals, along with their public keys. These certificates are bound together with the digital signature and stored in a special directory. The sender's browser looks up the recipient's certificate in the directory, and the message can be encrypted using the key embedded in the certificate. The sender can then sign the message using his own private key, and the recipient can verify the signature by using the sender's public key that is vouched for by the CA.


Certificate Management Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed.

Certificate Policy A specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.

Certificate Related Information Data, such as a subscriber's postal address, that is not included in a certificate. This may be used by a Certification Authority (CA) in managing certificates.

Certificate Revocation List A list of revoked public key certificates created and digitally signed by a Certification Authority. It is an instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility.

Certificate Signing Request Data about an entity given to a certification authority. The authority will package the data into a certificate and sign the certificate if the data in the signing request is validated.

Certificate Status Authority A trusted entity that provides on-line verification to a relying party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate.


Certificate An encrypted file containing user or server identification information, which is used to verify identity and to help establish a security-enhanced link. A set of information which at least identifies the certification authority issuing the certificate; unambiguously names or identifies its owner; contains the owner's public key and is digitally signed by the certification authority issuing it.
Certification Agent The individual(s) responsible for making a technical judgment of the system's compliance with stated requirements, identifying and assessing the risks associated with operating the system, coordinating the certification activities, and consolidating the final certification and accreditation packages.

Certification Analyst The independent technical liaison for all stakeholders involved in the C&A process, responsible for objectively and independently evaluating a system as part of the risk management process. Based on the security requirements documented in the security plan, performs a technical and non-technical review of potential vulnerabilities in the system and determines if the security controls (management, operational, and technical) are correctly implemented and effective.

Certification and Accreditation Plan A plan delineating objectives, responsibilities, schedule, technical monitoring, and other activities in support of the C&A process.

Certification and Repair Center A U.S. Department of State (DoS) facility utilized by IM/SO/TO/OTSS departments for program activities.


Certification Authority Facility The collection of equipment, personnel, procedures and structures that are used by a Certification Authority to perform certificate issuance and revocation.

Certification Authority In a hierarchical Public Key Infrastructure, the Certification Authority whose public key serves as the most trusted datum (i.e., the beginning of trust paths) for a security domain.

Certification Body An independent organization that provides certification services.

Certification Level A combination of techniques and procedures used during a certification and accreditation process to verify the correctness and effectiveness of security controls in an information technology system. Security certification levels represent increasing levels of intensity and rigor in the verification process and include such techniques as reviewing and examining documentation; interviewing personnel; conducting demonstrations and exercises; conducting functional, regression, and penetration testing; and analyzing system design documentation.

Certification Package Product of the certification effort documenting the detailed results of the certification activities. The certification package includes the security plan, developmental or operational certification test reports, risk assessment report, and certifier's statement.

Certification Path A chain of certificates between any given certificate and its trust anchor (CA). Each certificate in the chain must be verifiable in order to validate the certificate at the end of the path; this functionality is critical to a usable PKI.


Certification Statement The certifier's statement provides an overview of the security status of the system and brings together all of the information necessary for the DAA to make an informed, risk-based decision. The statement documents that the security controls are correctly implemented and effective in their application. The report also documents the security controls not implemented and provides corrective actions.

Certification A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Certification The technical verification that the system safeguards are adequate and function properly, while accreditation is the official authorization of operation and suspension of security activities. Contingency planning ensures a continued processing capability for critical systems in the event of a network shutdown.

Certifier Individual responsible for making a technical judgment of the system's compliance with stated requirements, identifying and assessing the risks associated with operating the system, coordinating the certification activities, and consolidating the final certification and accreditation packages.


CESG Listed Adviser Scheme The CESG Listed Adviser Scheme (CLAS) is an initiative created and managed by CESG in order to provide a pool of approved advisers to UK Government, assessed and confirmed to be knowledgeable and experienced in applying HMG Security Policy and interpreting CESG guidance.

CESG Originally, this stood for Communications-Electronics Security Group, but in recent years it no longer stands for anything, and has become the moniker for The National Technical Authority for Information Assurance. A subdivision of GCHQ, CESG advises HMG and CNI organisations on technical security threats, risks and mitigating countermeasures, as well as providing all cryptographic services for protection of Protectively Marked material.


CFO Chief Financial Officer.

CFR Code of Federal Regulations.

CGI Common Gateway Interface. A set of rules that describe how a Web server communicates with another piece of software on the same machine, and how the other piece of software (the CGI program) talks to the web server. Any piece of software can be a CGI program if it handles input and output according to the CGI standard.

Chain of Custody A legal principle regarding the validity and integrity of evidence. It requires accountability for anything that will be used as evidence in a legal proceeding to ensure that it can be accounted for from the time it was collected until the time it is presented in a court of law. It includes documentation as to who had access to the evidence and when, as well as the ability to identify evidence as being the exact item that was recovered or tested. Lack of control over evidence can lead to it being discredited. Chain of custody depends on the ability to verify that evidence could not have been tampered with. This is accomplished by sealing off the evidence, so it cannot be changed, and providing a documentary record of custody to prove that the evidence was at all times under strict control and not subject to tampering.


Chain of Evidence A process and record that shows who obtained the evidence; where and when the evidence was obtained; who secured the evidence; and who had control or possession of the evidence. The "sequencing" of the chain of evidence follows this order: collection and identification; analysis; storage; preservation; presentation in court; return to owner.

Chain Responder An OCSP responder that relays the results of querying another OCSP responder.

Challenge and Reply Authentication Prearranged procedure in which a subject requests authentication of another and the latter establishes validity with a correct reply.

Challenge and Response Authentication This describes a variety of techniques of varying complexity whereby one entity (system, person, organisation) challenges another in order to validate its identity, expecting a known or calculable response to its challenge. The simplest form of Challenge/Response authentication is a request for a password, and then provision of that password. More complex techniques and protocols exist to protect against interception of challenge and response, replay of responses and the like.


Challenge Handshake Authentication Protocol A secure login procedure for dial-in access that avoids sending a password in the clear by using cryptographic hashing.

Challenge-Response Protocol An authentication protocol where the verifier sends the claimant a challenge (usually a random value or a nonce) that the claimant combines with a secret (often by hashing the challenge and a shared secret together, or by applying a private key operation to the challenge) to generate a response that is sent to the verifier. The verifier can independently verify the response generated by the claimant (such as by re-computing the hash of the challenge and the shared secret and comparing to the response, or performing a public key operation on the response) and establish that the claimant possesses and controls the secret.


Change Management The broad processes for managing organizational change. Change management encompasses planning, oversight or governance, project management, testing, and implementation.

Channel A virtual "room" on the IRC text chat system. Most channels are dedicated to a single topic.

CHAP Challenge Handshake Authentication Protocol. Applies a three-way handshaking procedure. After the link is established, the server sends a "challenge" message to the originator. The originator responds with a value calculated using a one-way hash function. The server checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise, the connection is usually terminated.
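Both sides of the exchange described in the Challenge-Response Protocol and CHAP entries, as an added example that is not code from the dictionary. HMAC-SHA256 as the keyed hash, the 16-byte nonce size and the sample secret are assumptions made for this example; the verifier consumes each challenge once so that a captured response cannot be replayed.

```python
"""Challenge-response authentication over a shared secret (keyed-hash variant).

Added example for the Challenge-Response Protocol and CHAP entries; it is not
code from the dictionary. HMAC-SHA256 as the keyed hash, the 16-byte nonce and
the sample secret below are assumptions made for this example.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Set

# Constructed sample secret known to both sides; never a real credential.
SHARED_SECRET = b"example-shared-secret-for-illustration-only"


def claimant_response(secret: bytes, challenge: bytes) -> bytes:
    """Claimant side: bind the secret to this challenge without revealing it.

    Only the 32-byte HMAC crosses the wire, never the secret itself.
    """
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Verifier:
    """Verifier side: issues fresh challenges and checks responses.

    Each challenge is accepted at most once, so a captured (challenge,
    response) pair replayed later is rejected (see Capture-Replay Attacks).
    """

    def __init__(self, secret: bytes, nonce_len: int = 16) -> None:
        self._secret = secret
        self._nonce_len = nonce_len
        self._outstanding: Set[bytes] = set()  # issued, not yet answered

    def challenge(self) -> bytes:
        """Step 1: a random nonce. A predictable challenge would let an
        eavesdropper precompute responses, so it comes from a CSPRNG."""
        nonce = secrets.token_bytes(self._nonce_len)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, challenge: bytes, response: bytes) -> bool:
        """Step 3: recompute HMAC(secret, challenge) and compare in constant
        time. The challenge is consumed whether or not the response matches."""
        if challenge not in self._outstanding:
            return False  # unknown or already-used challenge: replay or forgery
        self._outstanding.discard(challenge)
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_exchange(verifier: Verifier, claimant_secret: bytes) -> Dict[str, object]:
    """Drive one full three-message exchange and return what crossed the wire."""
    challenge = verifier.challenge()                           # verifier -> claimant
    response = claimant_response(claimant_secret, challenge)   # claimant -> verifier
    accepted = verifier.verify(challenge, response)            # verifier decides
    return {"challenge": challenge, "response": response, "accepted": accepted}


if __name__ == "__main__":
    v = Verifier(SHARED_SECRET)
    first = run_exchange(v, SHARED_SECRET)
    print("genuine claimant accepted:", first["accepted"])
    print("wrong secret accepted:", run_exchange(v, b"guess")["accepted"])
    print("replayed pair accepted:",
          v.verify(first["challenge"], first["response"]))
```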
Character A single numeric digit, special symbol, or letter.

Chargeback A payment card transaction where the supplier initially receives payment but the transaction is later rejected by the cardholder or the card issuing company. The supplier's account is then debited with the disputed amount.

Chartered Engineer An internationally-recognised engineering qualification confirming that the holder has reached a high level of professional competence in an engineering- or technology-related discipline.

Chartered IT Professional A qualification conferred by the British Computer Society (BCS) to denote that a professional working in IT has reached a high level of professional competence in their field.

Chat Room An area of a Web chat service that people can "enter" with their Web browsers where the conversations are devoted to a specific topic; equivalent to a channel in IRC.

Chat An online conversation where a person can continually read messages from others in the chat room and then type and send a message reply. Communicating online, usually live, using one-on-one communications services such as instant messaging (IM), IRC, Facebook or Skype.

Check Digit A numeric digit that is used to verify the accuracy of a copied or transcribed number. The numeric digit is typically appended to the end of a number.


Check Word Cipher text generated by cryptographic logic to detect failures in cryptography.

Checksum A mathematical value that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file has not been maliciously changed. A cryptographic checksum is created by performing a complicated series of mathematical operations (known as a cryptographic algorithm) that translates the data in the file into a fixed string of digits called a hash value, which is then used as the checksum. Without knowing which cryptographic algorithm was used to create the hash value, it is highly unlikely that an unauthorized person would be able to change data without inadvertently changing the corresponding checksum. Cryptographic checksums are used in data transmission and data storage. Cryptographic checksums are also known as message authentication codes, integrity check-values, modification detection codes or message integrity codes.


Chip and Signature A verification process where a consumer uses their signature with an EMV chip-enabled payment terminal when they purchase goods or services.

Chip A wafer containing miniature electronic imprinted circuits and components.

Choice The third step in the decision-making process, where you decide on a plan to address the problem or opportunity.

Choke Point In computer security, a place in a system where input is routed for the purposes of performing data validation. The implication is that there are few such places in a system and that all data must pass through one or more of the choke points. The idea is that funneling input through a small number of choke points makes it easier to ensure that input is properly validated. One potential concern is that poorly chosen choke points may not have enough information to perform input validation that is as accurate as possible.


Chosen Message Attack A type of attack where the steganalyst generates a stego-medium from a message using some particular tool, looking for signatures that will enable the detection of other stego-media.

Chosen Stego Attack A type of attack when both the stego-medium and the steganography tool or algorithm are available.

Chroot A UNIX system call that sets the root directory for a process to any arbitrary directory. The idea is compartmentalization: even if a process is compromised, it should not be able to see interesting parts of the file system beyond its own little world. There are some instances where chroot "jails" can be circumvented; it can be difficult to build proper operating environments to make chroot work well.


Chunked-Encoding Transfer Attempt The vulnerability is a buffer overflow in the chunked encoding transfer mechanism in the Internet Information Server Active Server Pages component. This vulnerability allows attackers to execute arbitrary code or to cause Denial of Service.


CIA Confidentiality, Integrity & Availability. These three security aspects have long been held as the fundamental principles of Information Security. There is regular discussion about adding additional aspects (such as Authenticity, Accountability, Non-Repudiation or Legality) to the set, but in general these tend to be descriptive of means by which the C/I/A of information can be protected or assured.


CIA Confidentiality, Integrity and Availability. 

CIDF Common Intrusion Detection Framework Model. 
CIDR Classless Interdomain Routing.

CIF Collective Intelligence Framework 
CII Call-Identifying Information.

CIK Crypto Ignition Key. The device or electronic key used to unlock the secure mode of crypto 
equipment. 

CIK Cryptographic Ignition Key. Device or electronic key used to unlock the secure mode of cryptographic equipment.


CIO Chief Information Officer. Agency official responsible for (1) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, Executive Orders, directives, policies, regulations, and priorities established by the head of the agency; (2) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and (3) Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.


Cipher Disk An additive cipher device used for encrypting and decrypting messages. The disk consists of two concentric circular scales, usually of letters, and the alphabets can be repositioned with respect to one another at any of the 26 relationships.


Cipher Feedback Mode A mode that turns a block cipher into a stream cipher. This mode is safe only when used in particular configurations. Generally, CTR mode and OFB mode are used instead since both have better security bounds.


Cipher Suite Negotiated algorithm identifiers. Cipher suites are identified in human-readable form using a mnemonic code.
Cipher System A system in which cryptography is applied to plaintext elements of equal length. 


Cipher Text A message that has been encrypted using a specific algorithm and key. 





Cipher Any cryptographic system in which arbitrary symbols, or groups of symbols, represent units of plain text, or in which units of plain text are rearranged, or both.


Cipher-Block Chaining Mode A block cipher mode that provides secrecy but not message integrity. Messages encrypted with this mode should have random initialization vectors.


Ciphertext Stealing Mode A block cipher mode of operation that is similar to CBC 
mode except that the final block is processed in such a way that the output is always the same length as the 
input. That is, this mode is similar to CBC mode but does not require padding. 


Ciphertext Information generated by an encryption algorithm to protect the plaintext and that is unintelligible to the unauthorized reader.
Ciphony Process of enciphering audio information, resulting in encrypted speech. 
CIR Committed Information Rate. 


Circuit Switching A communications paradigm in which a dedicated communication path is established between two hosts and on which all packets travel. The telephone system is an example of a circuit-switched network.
CIRT Computer Incident Response Team. Group of individuals usually consisting of Security Analysts organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents.


CISCP Cyber Information Sharing and Collaboration Program. Part of cert.uk, it is a joint industry and government programme to share cyber threat and vulnerability information in order to increase overall situational awareness.

CISL Common Intrusion Specification Language. 

CISM Certified Information Security Manager. 

CISO Chief Information Security Officer.

CISSP Certified Information Systems Security Professional. An independent, internationally-recognised security certification, confirming that an individual has an understanding of a defined "Common Body of Knowledge" relating to Information Security. The certificate can be achieved by working in a security-related role for 5 years and passing a 6-hour exam.
CITP Chartered IT Professional 


Civilian Participation The involvement of non-military persons in warfare. While civilians have often provided support to the military in kinetic wars, in cyber warfare civilians are able to remotely participate in direct attacks against opponents. This raises complicated questions of law when the combatants are not uniformed military personnel.
CKM Cryptographic key management. 


Claim Adjustment Reason Codes A national administrative code set that identifies the reasons for any differences, or adjustments, between the original provider charge for a claim or service and the payer's payment for it. This code set is used in the X12 835 Claim Payment & Remittance Advice and the X12 837 Claim transactions, and is maintained by the Health Care Code Maintenance Committee.


Claim Attachment Any of a variety of hardcopy forms or electronic records needed to process a claim in addition to the claim itself.


Claim Authentication Information Information used by a claimant to generate exchange AI (authentication information) needed to authenticate a principal.


Claimant An entity which is or represents a principal for the purposes of authentication, together with the functions involved in an authentication exchange on behalf of that entity. A claimant acting on behalf of a principal must include the functions necessary for engaging in an authentication exchange (e.g., a smartcard [claimant] can act on behalf of a human user [principal]). An entity (user, device or process) whose assertion is to be verified using an authentication protocol.


Class An implementation of an abstract data type. A definition of the data structures, methods, and interface of software objects. A template for the instantiation (creation) of software objects.


Classification Authority The authority vested in an official of an agency to originally classify information or material which is determined by that official to require protection against unauthorized disclosure in the interest of national security.
Classification Guides Documents issued in an exercise of authority for original classification that include determinations with respect to the proper level and duration of classification of categories of classified information.


Classification The determination that certain information requires protection against unauthorized disclosure in the interest of national security, coupled with the designation of the level of classification: Top Secret, Secret, or Confidential.


Classified Information Spillage A security incident that occurs whenever classified data is spilled either onto an unclassified information system or to an information system with a lower level of classification.


Classified Information Information that has been determined pursuant to Executive Order (E.O.) 
13292 or any predecessor order to require protection against unauthorized disclosure and is marked to 
indicate its classified status when in documentary form. Information that has been determined (i) pursuant to 
Executive Order 12958 as amended by Executive Order 13292, or any predecessor Order, to be classified 
national security information; or (ii) pursuant to the Atomic Energy Act of 1954, as amended, to be 
Restricted Data (RD). 


Classified National Security Information Information that has been determined pursuant to Executive Order 13526 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.


Classifier An individual who makes a classification determination and applies a security classification to information or material. A classifier may either be a classification authority or may assign a security classification based on a properly classified source or a classification guide.


Clear Desk Policy A policy that directs all personnel to clear their desks at the end of each working day, and file everything appropriately. Desks should be cleared of all documents and papers, including the contents of the "in" and "out" trays, not simply for cleanliness, but also to ensure that sensitive papers and documents are not exposed to unauthorized persons outside of working hours.
Clear mode Unencrypted plain text mode. 


Clear Screen Policy A policy that directs all computer users to ensure that the contents of the screen are protected from prying eyes and opportunistic breaches of confidentiality. Typically, the easiest means of compliance is to use a screen saver that engages either on request or after a specified short period of time.


Clear To use software or hardware products to overwrite storage space on the media with nonsensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also may include all addressable locations.


Clearance Formal certification of authorization to have access to classified information other than that protected in a special access program (including SCI). Clearances are of three types: confidential, secret, and top secret. A top secret clearance permits access to top secret, secret, and confidential material; a secret clearance, to secret and confidential material; and a confidential clearance, to confidential material.


Cleared U.S. citizen A citizen of the United States who has undergone a favorable background investigation resulting in the issuance of a security clearance by the Bureau of Diplomatic Security permitting access to classified information at a specified level.
Clearing Removal of data from an information system, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using common system capabilities (i.e., through the keyboard); however, the data may be reconstructed using laboratory methods.
Cleartext Data that is not encrypted; plaintext. 


CLEC Competitive Local Exchange Carriers. A competitive access provider that also provides switched local services, such as local dial tone and Centrex. CLECs are authorized by state commissions to resell existing incumbent LEC services at wholesale rates and lease component facilities for use with their own facilities.
CLIA Clinical Laboratory Improvement Amendments. 


Click Trail A record of all the Web page addresses you have visited during a specific online session. 
Click trails tell not just what Web site you visited, but which pages inside that site. 


Clickstream A stored record of a Web surfing session containing information such as Web sites visited, how long the user was there, what ads were looked at, and the items purchased.


Click-Throughs A count of the number of people who visit one site and click on an ad, and are taken to the site of the advertiser.
CLID Caller Identification. 


Client A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server.


Client/Server Architecture A local area network in which microcomputers, called servers, provide specialized service on behalf of the user's computers, which are called clients.


Client/Server Model A common way to describe network services and the model user processes (programs) of those services. Examples include the name-server/name-resolver paradigm of the


Client/Server In networking, a network in which several PC-type systems (clients) are connected to one or more powerful, central computers (servers). In databases, refers to a model in which a client system runs a database application (front end) that accesses information in a database management system situated on a server (back end).


CLNP Connectionless Network Protocol. 
CLNS Connectionless Network Services. 
Cloning Mirror Image or Physical Sector Copy. The term given to the operation of creating an exact duplicate of one medium on another like medium.


Closed Network Closed User Group. These are systems which generally represent those in which certificates are used within a bounded context such as within a payment system. A contract or series of contracts identify and define the rights and responsibilities of all parties to a particular transaction.


Closed Security Environment Environment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an information system life cycle. Closed security is based upon a system's developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control.
Closed Storage Storage of classified information within an accredited facility, in General Services Administration-approved secure containers, while the facility is unoccupied by authorized personnel.


Cloud Computing A model for enabling on-demand network access to a shared pool of configurable IT capabilities/resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. It allows users to access technology-based services from the network cloud without knowledge of, expertise with, or control over the technology infrastructure that supports them. This cloud model is composed of five essential characteristics (on-demand self service, ubiquitous network access, location independent resource pooling, rapid elasticity, and measured service); three service delivery models (Cloud Software as a Service [SaaS], Cloud Platform as a Service [PaaS], and Cloud Infrastructure as a Service [IaaS]); and four models for enterprise access (Private cloud, Community cloud, Public cloud, and Hybrid cloud). Both the user's data and essential security services may reside in and be managed within the network cloud.
CLP Cell Loss Priority. 


CMCS COMSEC Material Control System. Logistics and accounting system through which COMSEC material marked "CRYPTO" is distributed, controlled, and safeguarded. Included are the COMSEC central offices of record, crypto logistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the CMCS.


CMF Common mode failure. 
CMI Coded mark inversion. 
CMSS Common Misuse Scoring System. A set of measures of the severity of software feature misuse vulnerabilities. A software feature is a functional capability provided by software. A software feature misuse vulnerability is a vulnerability in which the feature also provides an avenue to compromise the security of a system.


CMVP Cryptographic Module Validation Program. Validates cryptographic modules to Federal Information Processing Standard (FIPS) 140-2 and other cryptography-based standards. The CMVP is a joint effort between the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of the government of Canada. Products validated as conforming to FIPS 140-2 are accepted by the federal agencies of both countries for the protection of sensitive information (United States) or Designated Information (Canada). The goal of the CMVP is to promote the use of validated cryptographic modules and provide federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules.


CND Computer Network Defense. Actions taken to defend against unauthorized activity within computer networks. CND includes monitoring, detection, analysis (such as trend and pattern analysis), and response and restoration activities.


CNE Computer Network Exploitation. Enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary information systems or networks.
CNI Critical National Infrastructure 


CNO Computer Network Operations. Comprised of computer network attack, computer network defense, and related computer network exploitation enabling operations.
CO Central office.


Coaxial Cable A medium used for telecommunications. It is similar to the type of cable used for carrying television signals.


COB Coordination of Benefits. A process for determining the respective responsibilities of two or more health plans that have some financial responsibility for a medical claim.


COBOL Common Business Oriented Language. A high-level programming language for business computer applications.
CORBA Common Object Request Broker Architecture.


CODASYL Conference on Data Systems Languages. A Department of Defense-sponsored group that studies the requirements and design specifications for a common business programming language.
Code Auditing Reviewing computer software for security problems. 


Code Book Document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique.


Code Generator A precompiler program that translates fourth-generation language-like code into the statements of a third-generation language code.


Code Group Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence.


Code of Fair Information Practices The basis for privacy best practices, both online and offline. The practices originated in the Privacy Act of 1974, the legislation that protects personal information collected and maintained by the U.S. Government. In 1980, these principles were adopted by the Organization for Economic Cooperation and Development and incorporated in its Guidelines for the Protection of Personal Data and Transborder Data Flows. They were adopted later in the EU Data Protection Directive of 1995, with modifications. The Fair Information Practices include notice, choice, access, onward transfer, security, data integrity, and remedy.
Code Room The designated and restricted area in which cryptographic operations are conducted. 


Code Signing Signing executable code to establish that it comes from a trustworthy vendor. The signature 
must be validated using a trusted third party in order to establish identity. 


Code System Any system of communication in which groups of symbols represent plaintext elements of 
varying length. 
Code Vocabulary Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system.


Code System of communication in which arbitrary groups of letters, numbers, or symbols 
represent units of plain text of varying length; a term often used informally to describe software language. 
Code Book A document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique.


Code(s) Of Connection A set of rules or configuration requirements with which organisations must comply in order to connect to a network or system of networks. For example, the Government Secure intranet (GSi) and similar community networks in the Justice, Police and Defence arenas, rather than inspecting connecting systems in minute detail, require compliance with a Code of Connection that ensures connecting organisations do not introduce a greater threat (and risk) to the interconnected community as a whole.

Coder A computer programmer or one who writes computer programming language code. 

Coder The individual who translates program design into executable computer code. 

Coding The activity of translating a set of computer processing specifications into a formal language for execution by a computer.
Coefficient A number or symbol multiplied with a variable or an unknown quantity in an algebraic term.


COG Continuity of Government. A coordinated effort within the federal government's executive branch to ensure that national essential functions continue to be performed during a catastrophic emergency.


Cohesion The manner and degree to which the tasks performed by a single software module are related to one another. Types of cohesion include coincidental, communication, functional, logical, procedural, sequential, and temporal.


COI Community of Interest. A collaborative group of users who exchange information in pursuit of their shared goals, interests, missions, or business processes, and who therefore must have a shared vocabulary for the information they exchange. The group exchanges information within and between systems to include security domains.


Cold Site Backup site that can be up and operational in a relatively short time span, such as a day or two. Provision of services, such as telephone lines and power, is taken care of, and the basic office furniture might be in place, but there is unlikely to be any computer equipment, even though the building might well have a network infrastructure and a room ready to act as a server room. In most cases, cold sites provide the physical location and basic services. A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location to an alternate site.
Cold Start A procedure for initially keying crypto-equipment. 


Collaboration System A system that is designed specifically to improve the performance of teams by supporting the sharing and flow of information.


Collaboration Enabling collaboration which transforms shared awareness into actions which can achieve a competitive advantage.


Collaborative Filtering A method of placing you in an affinity group of people with the same 
characteristics. 
Collaborative Planning, Forecasting, and Replenishment A concept that encourages and facilitates collaborative processes between members of a supply chain.


Collaborative Processing Enterprise Information Portal Provides knowledge workers with access to workgroup information such as e-mails, reports, meeting minutes, and memos.
Collateral Information National security information classified in accordance with E.O. 12356, dated April 2, 1982.


Collision Detection An avoidance method for communications channel contention that depends on two stations detecting the simultaneous start of each other's transmission, stopping, and waiting a random period of time before beginning again.


Collision Resistance In cryptography, the idea that a hash function does not generate the same 
output for different inputs. 


Collision (1) A condition that is present when two or more terminals are in contention during simultaneous network access attempts. (2) In cryptography, an instance when a hash function generates the same output for different inputs.


Co-Location A vendor that rents space and telecommunications equipment to other companies. 

Color Palette A set of available colors a computer or an application can display. 

COM Computer Output Microfilm. The production of computer output on photographic film.

Combatant Status The legal status of combatants in warfare. Existing law distinguishes between uniformed military and civilian status.


Command and Control Warfare The integrated use of operations security (OPSEC), military deception, psychological operations (PSYOP), electronic warfare (EW) and physical destruction, mutually supported by intelligence, to deny information to, influence, degrade or destroy adversary command and control (C2) capabilities, while protecting friendly C2 capabilities against such actions.


Command and Control The exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission.


Command Authority An individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges.


Comment Public commentary on the merits or appropriateness of proposed or potential regulations provided in response to an NPRM, an NOLJ, or other federal regulatory notice.
Commit Protocol An algorithm to ensure that a transaction is successfully completed.


Commit A condition implemented by the programmer signaling to the DBMS that all update activity that the program conducts be executed against a database. Before the commit, all update activity can be rolled back or canceled without negative impact on the database contents.


Commodity Service An information system service (e.g., telecommunications service) provided by a commercial service provider typically to a large and diverse set of consumers. The organization acquiring and/or receiving the commodity service possesses limited visibility into the management structure and operations of the provider, and while the organization may be able to negotiate service-level agreements, the organization is typically not in a position to require that the provider implement specific security controls.


Common Attack Pattern Enumeration and Classification A catalogue of attack patterns as "an abstraction mechanism for helping describe how an attack against vulnerable systems or networks is executed" published by the MITRE Corporation.
Common Carrier In a telecommunications context, a telecommunications company that holds itself out to the public for hire to provide communications transmission services. Note: In the United States, such companies are usually subject to regulation by federal and state regulatory commissions.


Common Cause Failure Failure of multiple independent system components occurring from a single cause that is common to all of them.


Common Control Provider An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e., security controls inherited by information systems).


Common Control A security control that is inherited by one or more organizational information systems.


Common Criteria Governing document that provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems.


Common Fill Device One of a family of devices developed to read-in, transfer, or store cryptographic key material.


Common Mode Failure Failure of multiple independent system components that fail in the identical mode.


Common Operating Environment The collection of standards, specifications, and guidelines, architecture definitions, software infrastructures, reusable components, application programming interfaces (APIs), methodology, runtime environment definitions, and reference implementations that establishes an environment on which a system can be built. The COE is the vehicle that assures interoperability through a reference implementation that provides identical implementation of common functions. It is important to realize that the COE is both a standard and an actual product.


Common Security Control A security control that can be applied to one or more organization information systems and has the following properties: (1) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and (2) the results from the assessment of the control can be used to support the security certification and accreditation processes of an organization information system where that control has been applied.


Common Text A structure and series of requirements defined by the International Organization for Standardization, that are being incorporated in all management system International Standards as they are revised.


Communication Protocols A set of rules that govern the operation of hardware or software entities to achieve communication.
Communication Information transfer according to agreed conventions. 


Communications Cover Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary.


Communications Deception Deliberate transmission, retransmission, or alteration of communications to mislead an adversary's interpretation of the communications.
Communications Medium The path or physical channel in a network over which information travels.


Communications Privacy Law Laws which regulate access to electronic communications. In the United States, the Electronic Communications Privacy Act (ECPA) protects electronic communications while in transit and prohibits the unlawful access and disclosure of communication contents.


Communications Profile Analytic model of communications associated with an organization or activity. The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the communications security measures applied.


Communications Protocol A set of rules that every computer follows to transfer 
information. 
Communications Satellite A microwave repeater in space. 


Communications Service Provider A third party who furnishes the conduit for information. 


Communications System A mix of telecommunications and automated information systems used to originate, control, process, encrypt, and transmit or receive information. Such a system generally consists of the following connected or connectable devices: (1) Automated information equipment (AIS) on which information is originated; (2) A central controller (i.e., CIHS, C-LAN) of, principally, access rights and information distribution; (3) A telecommunications processor (i.e., TERP, IMH) which prepares information for transmission; and (4) National-level devices which encrypt information (COMSEC/CRYPTO/CCI) prior to its transmission via Diplomatic Telecommunications Service (DTS) or commercial carrier.


Community Risk Probability that a particular vulnerability will be exploited within an interacting population and adversely impact some members of that population.


Companding The process where there is a greater number of samples provided at lower power conditions of the signal waveform rather than at the higher power portions of the same waveform.


Compare A computer-applied function that examines two elements of data to determine their relationship to one another.


Comparison The process of comparing a biometric with a previously stored reference. 





Compartmentalization A nonhierarchical grouping of sensitive information used to control access to data more finely than with hierarchical security classification alone. It is a process of separating a system into parts with distinct boundaries, using simple, well-defined interfaces. The basic idea is that of containment, i.e., if one part is compromised, perhaps the extent of the damage can be limited.


Compartmented Mode Mode of operation wherein each user with direct or indirect access to a 
system, its peripherals, remote terminals, or remote hosts has all of the following: (1) valid security clearance 
for the most restricted information processed in the system; (2) formal access approval and signed 
nondisclosure agreements for that information which a user is to have access; and (3) valid need-to-know for 


information which a user is to have access. 


Compensating Security Control A management, operational, and/or technical control (i.e, safeguard or 
countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, 


or high baselines that provides equivalent or comparable protection for an information system. 
g P q P P y 
Competitive Advantage Providing a product or service in a way that customers value more than what the competition is able to do.

Compiler A program that translates high-level computer language instructions into machine code.

Complementor Provides services that complement the offerings of the enterprise and thereby extend its value-adding capabilities to its customers.

Completeness The property that all necessary parts of an entity are included. Completeness of a product often means that the product has met all requirements.

Compliance Documents Policies, standards and procedures that document the actions that are required or prohibited. Violations may be subject to disciplinary actions.





Compliance The act or process of complying with policies, procedures, standards or mandatory controls or requirements. In the context of Information Security, this regularly refers to implementation of an ISO/IEC 27001 Information Security Management System (ISMS), application of the Security Policy Framework, implementation of controls mandated in a Code of Connection, etc.

Component Basic unit designed to satisfy one or more functional requirements.

Composite Primary Key The primary key fields from two intersecting relations.

Composite Threat List A Department of State threat list intended to cover all localities operating under the authority of a chief of mission and staffed by direct-hire U.S. personnel. This list is developed in coordination with the intelligence community and issued semiannually by the Bureau of Diplomatic Security.

Comprehensive Testing A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object.

Compression A method of storing data in a format that requires less space than normal.


Compromise The unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys and other CSPs); disclosure of information to unauthorized persons; or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.

Compromising Emanations Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems equipment.

Computer Abuse Intentional or reckless misuse, alteration, disruption, or destruction of information processing resources.

Computer Crime The act of using IT to commit an illegal act.

Computer Cryptography Use of a crypto-algorithm program by a computer to authenticate or encrypt/decrypt information.

Computer Ethics The issues and standards that support the proper use of IT which are not criminal or threatening to another person or organization.





Computer Evidence Computer evidence is a copy of a document stored in a computer file that is identical to the original. The legal “best evidence” rules change when it comes to the processing of computer evidence. Another unique aspect of computer evidence is the potential for unauthorized copies to be made of important computer files without leaving behind a trace that the copy was made. This situation creates problems concerning the investigation of the theft of trade secrets (e.g., client lists, research materials, computer-aided design files, formulas, and proprietary software).

Computer Forensics Computer Forensic Science. The application of the scientific method to digital media to establish factual information for judicial review. The term “computer forensics” was coined in 1991 in the first training session held by the International Association of Computer Specialists (IACIS) in Portland, Oregon. Since then, computer forensics has become a popular topic in computer security circles and in the legal community. Like any other forensic science, computer forensics deals with the application of law to a science. In this case, the science involved is computer science and some refer to it as Forensic Computer Science. Computer forensics has also been described as the autopsy of a computer hard disk drive because specialized software tools and techniques are required to analyze the various levels at which computer data is stored after the fact. Computer forensics deals with the preservation, identification, extraction, and documentation of computer evidence. The field is relatively new to the private sector, but it has been the mainstay of technology-related investigations and intelligence gathering in law enforcement and military agencies since the mid-1980s. Like any other forensic science, computer forensics involves the use of sophisticated technology tools and procedures that must be followed to guarantee the accuracy of the preservation of evidence and the accuracy of results concerning computer evidence processing. Typically, computer forensic tools exist in the form of computer software.

Computer Fraud and Abuse Act PL 99-474, Computer Fraud and Abuse Act of 1986. Strengthens and expands the 1984 Federal Computer Crime Legislation. Law extended to computer crimes in private enterprise and anyone who willfully disseminates information for the purpose of committing a computer crime (i.e., distribute phone numbers to hackers from a BBS).


Computer Misuse Computer Abuse. This describes activities and behaviour whereby someone uses computer technology for purposes other than originally intended. This may cover attacks against networks, services and applications, breach of organisational Acceptable Use Policies (e.g. viewing or storing inappropriate material) or any other activity that involves using computers for unapproved purposes.

Computer Network Defense Analysis The cybersecurity work where a person uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.

Computer Network Defense Infrastructure Support The cybersecurity work where a person tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors the network to actively remediate unauthorized activities.

Computer Network Two or more computers connected so that they can communicate with each other and share information, software, peripheral devices, and processing power.

Computer Program A series of operations that perform a task when executed in logical sequence.

Computer Security Objects Register A collection of Computer Security Object names and definitions kept by a registration authority.
Computer Security Subsystem Hardware/software designed to provide computer security features in a larger system environment.

Computer Security The practice of protecting a computer system against internal failures, human error, attacks, and natural catastrophes that might cause improper disclosure, modification, destruction, or denial-of-service.

Computer System Security All of the technological safeguards and managerial procedures established and applied to computers and their networks (including related hardware, firmware, software, and data) to protect organizational assets and individual privacy.

Computer System An interacting assembly of elements, including at least computer hardware and usually software, data, procedures, and people.

Computer Virus A computer virus is a computer program that spreads malicious code. Although some viruses are latent, others can corrupt data or impede system performance. The term is specific, distinguished by how viruses are distributed (through downloads, email attachments, or removable media such as CDs, DVDs, or USB drives), but is often used as a catchall, much like the word “malware.”

Computer The hardware, software, and firmware components of a system that are capable of performing calculations, manipulations, or storage of data. It usually consists of arithmetic, logical, and control units, and may have input, output, and storage devices.


Computer-Telephony Integration A description for any technology (or set of technologies) that allows computers and telephones to interact. Examples are electronic helpdesk systems that bring up customer information based on a caller's telephone number (screen popping), automatic dialling of numbers from a desktop address book, etc. Integration of two diverse technologies in this way can raise some interesting security issues, as telephony equipment and technology is not generally secured in the same way (or to the same degree) as networked computer equipment.

Computing Environment The total environment in which an automated information system, network, or component operates. The environment includes physical, administrative, and personnel procedures as well as communication and networking relationships with other information systems.

COMSEC Account Audit Examination of the holdings, records, and procedures of a COMSEC account ensuring all accountable COMSEC material is properly handled and safeguarded.

COMSEC Account Administrative entity, identified by an account number, used to maintain accountability, custody, and control of COMSEC material.

COMSEC Aid COMSEC material that assists in securing telecommunications and is required in the production, operation, or maintenance of COMSEC systems and their components. COMSEC keying material, callsign/frequency systems, and supporting documentation, such as operating and maintenance manuals, are examples of COMSEC aids.

COMSEC Assembly Group of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment.

COMSEC Boundary Definable perimeter encompassing all hardware, firmware, and software components performing critical COMSEC functions, such as key generation, handling, and storage.

COMSEC Chip Set Collection of NSA-approved microchips.
COMSEC Control Program Computer instructions or routines controlling or affecting the externally performed functions of key generation, key distribution, message encryption/decryption, or authentication.

COMSEC Custodian Individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account.

COMSEC Demilitarization Process of preparing COMSEC equipment for disposal by extracting all CCI, classified, or cryptographic (CRYPTO) marked components for their secure destruction, as well as defacing and disposing of the remaining equipment hulk.

COMSEC Element Removable item of COMSEC equipment, assembly, or subassembly; normally consisting of a single piece or group of replaceable parts.

COMSEC End-item Equipment or combination of components ready for use in a COMSEC application.

COMSEC Equipment Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. COMSEC equipment includes crypto-equipment, crypto ancillary equipment, cryptographic production equipment, and authentication equipment.

COMSEC Facility Authorized and approved space used for generating, storing, repairing, or using COMSEC material.

COMSEC Incident Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information or information governed by 10 U.S.C. Section 2315.

COMSEC Insecurity COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information.

COMSEC Manager Individual who manages the COMSEC resources of an organization.

COMSEC Material Item designed to secure or authenticate telecommunications. COMSEC material includes, but is not limited to, key, equipment, devices, documents, firmware, or software that embodies or describes cryptographic logic and other items that perform COMSEC functions.

COMSEC Modification Information systems security equipment modification.

COMSEC Module Removable component that performs COMSEC functions in a telecommunications equipment or system.

COMSEC Monitoring Act of listening to, copying, or recording transmissions of one's own official telecommunications to analyze the degree of security.

COMSEC Officer The properly appointed individual responsible to ensure that COMSEC regulations and procedures are understood and adhered to, that the COMSEC facility is operated securely, that personnel are trained in proper COMSEC practices, and who advises on communications security matters. Only Department of State personnel will be appointed.
COMSEC Profile Statement of COMSEC measures and materials used to protect a given operation, system, or organization.

COMSEC Survey Organized collection of COMSEC and communications information relative to a given operation, system, or organization.

COMSEC System Data Information required by a COMSEC equipment or system to enable it to properly handle and control key.

COMSEC Training Teaching of skills relating to COMSEC accounting, use of COMSEC aids, or installation, use, maintenance, and repair of COMSEC equipment.

COMSEC Communications Security. A component of Information Assurance that deals with measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. COMSEC includes crypto security, transmission security, emissions security, and physical security of COMSEC material.


Concealment Systems A method of keeping sensitive information confidential by embedding it in irrelevant data.

Concentrator A computer that consolidates the signals from any slower speed transmission lines into a single faster line or performs the reverse function.

Concurrent Processing The capability of a computer to share memory with several programs and simultaneously execute the instructions provided by each.

Condensation The process of reducing the volume of data managed without reducing the logical consistency of data. It is essentially different than compaction in that condensation is done at the record level whereas compaction is done at the system level.

Condition Test A comparison of two data items in a program to determine whether one value is equal to, less than, or greater than the second value.

Conditional Branch The alteration of the normal sequence of program execution following the test of the contents of a memory area.

Conditional Formatting Highlights the information in a cell that meets some specified criteria.

Conductor A material that allows the easy transfer of electrons from one atom to another.


Confidence in Cyber Space Air-Gapped Environment Security measure that isolates a secure network from unsecure networks physically, electrically, and electromagnetically.

Confidence Confidence in electronic interactions can be significantly increased by solutions that address the basic requirements of integrity, confidentiality, authentication, authorization and access management or access control.

Confidentiality Loss The compromise of sensitive, restricted, or classified data or software.

Confidentiality The property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information; preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Configuration Control Process of controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modification prior to, during, and after system implementation.

Configuration Management The use of procedures appropriate for controlling changes to a system’s hardware, software, or firmware structure to ensure that such changes will not lead to a weakness or fault in the system.

Configuration Manager The individual or organization responsible for configuration control or configuration management.

Confinement Channel Covert Channel.

Confinement (1) Confining an untrusted program so that it can do everything it needs to do to meet the user’s expectation, but nothing else. (2) Restricting an untrusted program from accessing system resources and executing system processes. Common confinement techniques include DTE, least privilege, and wrappers.

Connected Mode The state of user equipment switched on and an RRC connection established.

Connection A communication channel between two or more endpoints (e.g., terminal, server, etc.).


Connectionless The model of interconnection in which communication takes place without first establishing a connection. Sometimes (imprecisely) called datagram. Examples: Internet IP and OSI CLNP, UDP, ordinary postcards.

Connection-Oriented The model of interconnection in which communication proceeds through three well-defined phases: connection establishment, data transfer, and connection release. Examples: X.25, Internet TCP and OSI TP4, ordinary telephone calls.

Connectivity Software Enables a computer to “dial up” or connect to another computer.

Connectivity The uninterrupted availability of information paths for the effective performance of C2 functions.

Consent Explicit permission, given to a Web site by a visitor, to handle her personal information in specified ways. Web sites that ask users to provide personally identifiable information should be required to obtain “informed consent,” which implies that the company fully discloses its information practices prior to obtaining personal data or permission to use it.

Consequence The effect of an event, incident, or occurrence. In cybersecurity, the effect of a loss of confidentiality, integrity or availability of information or an information system on an organization’s operations, its assets, on individuals, other organizations, or on national interests.

Consistency Logical coherency among all integrated parts; also, adherence to a given set of instructions or rules.

Console Operator Someone who works at a computer console to monitor operations and initiate instructions for efficient use of computer resources.

Constant A value in a computer program that does not change during program execution.

Construct An object; especially a concept that is constructed or synthesized from simple elements.
Consumer Electronics Any electronic/electrical devices, either AC- or battery-powered, which are not part of the facility infrastructure. Some examples are radios, televisions, electronic recording or playback equipment, PA systems, paging devices, and dictaphones.

Consumerization A new model in which emerging technologies are first embraced by the consumer market and later spread to the business.

Consumers Traditionally, the ultimate user or consumer of goods, ideas, and services. However, the term also is used to imply the buyer or decision maker as well as the ultimate consumer.

Container The file used by a virtual disk encryption technology to encompass and protect other files.

Containment Actions taken to limit exposure after an incident has been identified and confirmed.

Contamination Type of incident involving the introduction of data of one security classification or security category into data of a lower security classification or different security category.


Content Filtering A content-filtering application accepts or rejects data by relying on a pattern through which data is blocked or allowed to pass through the filter. It is mainly used on the Internet to prevent access to certain sites, for example by parents who do not want their children to visit adult sites. There are two main content filtering methods: URL list filtering and word-matching filtering. URL list filtering depends on the use of an allowed site and blocked site list. Word-matching filtering relies on finding and blocking inappropriate words and phrases.

Content of Communication Link A communication channel for HI3 information between a mediation function and an LEMF.

Content Provider A company providing services to mobile phone users or network operators.


Content, Contact, Conduct First coined by Sonia Livingstone in 2011, online (or ‘cyber’) risk is now often framed within these three broad categories. People may come across pornographic, racist, violent content; they may encounter potentially risky contacts; and they may engage in a variety of risky conduct where they are perpetrators, victims, or both, like cyberbullying or sexting.

Contention Occurs during multiple access to a network in which the network capacity is allocated on a “first come, first served” basis.

Context Object In a cryptographic library, a data object that holds the intermediate state associated with the cryptographic processing of a piece of data. For example, if incrementally hashing a string, a context object stores the internal state of the hash function necessary to process further data.

Contextual Information Information derived from the context in which an access is made (for example, time of day).

Contingency Key Key held for use under specific operational conditions or in support of specific contingency plans.

Contingency Plan Any plan that lays down activities and processes to be enacted or followed when a particular event occurs. For instance, an organisation may put in place a contingency plan for a flu epidemic, for a specific building being inaccessible due to inclement weather, or for a key server being unavailable.

Contingency Procedure Procedure which is an alternative to the normal procedure in case of an occurrence of an unusual but assumed situation.
Continuity The uninterrupted availability of information paths for the effective performance of organizational function.

Continuous Monitoring The process implemented to maintain a current security status for one or more information systems or for the entire suite of information systems on which the operational mission of the enterprise depends. The process includes: (1) The development of a strategy to regularly evaluate selected IA controls/metrics, (2) Recording and evaluating IA relevant events and the effectiveness of the enterprise in dealing with those events, (3) Recording changes to IA controls, or changes that affect IA risks, and (4) Publishing the current security status to enable information-sharing decisions involving the enterprise. Maintaining ongoing awareness to support organizational risk decisions.

Continuous-Mode Operation Systems that are operational continuously, 24 hours a day, 7 days a week.


Control Break A point during program processing at which some special processing event takes place. A change in the value of a control field within a data record is characteristic of a control break.

Control Field A field of data within a record used to identify and classify a record.

Control Information Information that is entered into a cryptographic module for the purposes of directing the operation of the module.

Control Logic The specific order in which processing functions are carried out by a computer.

Control Signals Computer-generated signals for the automatic control of machines and processes.

Control Statement A command in a computer program that establishes the logical sequence of processing operations.

Control Structure A program that contains a logical construct of sequences, repetitions, and selections.

Control Totals Accumulations of numeric data fields that are used to check the accuracy of the input, processing, or output data.

Control Unit A component of the CPU that evaluates and carries out program processing and execution.

Control Zone The space surrounding equipment that is used to process sensitive information and that is under sufficient physical and technical control to preclude an unauthorized entry or compromise.

Control The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature.

Controllability The ability to control the situation following a failure.

Controllable Isolation Controlled sharing in which the scope or domain of authorization can be reduced to an arbitrarily small set or sphere of activity.

Controlled Access Area Physical area (e.g., building, room, etc.) to which only authorized personnel are granted unrestricted access. All other personnel are either escorted by authorized personnel or are under continuous surveillance.
Controlled Access Protection Minimum set of security functionality that enforces access control on individual users and makes them accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation.

Controlled Area Any area or space for which the organization has confidence that the physical and procedural protections provided are sufficient to meet the requirements established for protecting the information and/or information system.

Controlled Interface A boundary with a set of mechanisms that enforces the security policies and controls the flow of information between interconnected information systems.

Controlled Security Mode A system is operating in the controlled security mode when at least some users with access to the system have neither a security clearance nor a need-to-know for all classified material contained in the system. However, the separation and control of users and classified material on the basis, respectively, of security clearance and security classification are not essentially under operating system control as in the multilevel security mode.

Controlled Sharing The condition that exists when access control is applied to all users and components of a resource-sharing computer system.

Controlled Shipment The transport of material from the point at which the destination of the material is first identified for a site, through installation and use, under the continuous 24-hour control of Secret cleared U.S. citizens or by DS-approved technical means and seal.

Controlled Space Three-dimensional space surrounding information system equipment, within which unauthorized individuals are denied unrestricted access and are either escorted by authorized individuals or are under continuous physical or electronic surveillance.

Controlling Authority Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet.

Conversational Program A program that permits interaction between a computer and a user.

Conversion Rate The percentage of customers who visit a Web site and actually buy something.

Conversion The process of replacing a computer system with a new one.


Cookie A piece of state information supplied by a Web server to a browser, in a response for a requested resource, for the browser to store temporarily and return to the server on any subsequent visits or requests. Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use.

COOP Continuity of Operations Plan. A predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations. Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The COOP is the third plan needed by the enterprise risk managers and is used when the enterprise must recover (often at an alternate site) for a specified period of time. Defines the activities of individual departments and agencies and their sub-components to ensure that their essential functions are performed. This includes plans and procedures that delineate essential functions; specify succession to office and the emergency delegation of authority; provide for the safekeeping of vital records and databases; identify alternate operating facilities; provide for interoperable communications; and validate the capability through tests, training, and exercises.


Cooperative Key Generation Electronically exchanging functions of locally generated, random 
components, from which both terminals of a secure circuit construct traffic encryption key or key encryption 


key for use on that circuit. 


Cooperative Processing The ability to distribute resources (i.c., programs, files, and databases) 


across the network. 
COP Cryptographic operation. 


Copy An accurate reproduction of information contained on an original physical item, 


independent of the original physical item. 
Copyright The author or artist’s right to control the copying of his or her work. 


COR Central Office of Record. Office of a federal department or agency that keeps records of 
accountable COMSEC material held by elements subject to its oversight. 


CORBA Security The Object Management Group standard that describes how to secure CORBA 


environments. 


CORBA Common Object Request Broker Architecture, introduced in 1991 by the OMG, defined the Interface Definition Language (IDL) and the Application Programming Interfaces (APIs) that enable client/server object interaction within a specific implementation of an Object Request Broker (ORB).

CORF Comprehensive Outpatient Rehabilitation Facility.

Corporate Security Policy The set of laws, rules and practices that regulate how assets, including sensitive information, are managed, protected and distributed within a user organization.

Corrective Action The practice and procedure for reporting, tracking, and resolving identified problems, in both the software product and the development process. Their resolution provides a final solution to the identified problem.

Corrective Maintenance The identification and removal of code defects.

Correctness Proof A mathematical proof of consistency between a specification and its implementation.

Correctness The extent to which software is free from design and coding defects (i.e., fault free). Also, the extent to which software meets its specified requirements and user objectives.

Corruption Departure from an original, correct data file or correctly functioning system to an improper state.

Cost-Risk Analysis The assessment of the cost of the potential risk of loss or compromise of data in a computer system without data protection versus the cost of providing data protection. It is a process of determining the economic feasibility of developing a system on the basis of a comparison of the projected costs of a proposed system and the expected benefits from its operation.

COT Chain of Trust.

COTS Software Commercial Off The Shelf Software. Software that is prepackaged and sold as a commodity rather than custom written for a specific user/organization or purpose. Examples include operating systems, database management programs, email servers, application servers and office product suites.

COTS Commercial Off-the-Shelf Software.


Counter Mode A parallelizable encryption mode that effectively turns a block cipher into a stream cipher: the cipher encrypts successive values of a nonce/counter block and the resulting keystream is XORed with the plaintext, so encryption and decryption are the same operation and blocks can be processed independently and in any order. It is a popular component in authenticated encryption schemes (for example GCM and CCM) due to its strong security bounds and good performance characteristics. Counter mode provides confidentiality only: the ciphertext is malleable (flipping a ciphertext bit flips the same plaintext bit), so it must be combined with a message authentication code for integrity, and a nonce/counter value must never be reused under the same key.


Counter Terrorist Check One of the levels of UK National Security Clearance. A CTC involves all aspects of the BPSS, plus additional checks on departmental/company records, with one of the criminal records agencies and with the Security Service.

Counterfeit Software Software that is manufactured to look like the real thing and sold as such.

Counterfeits Duplicates that are copied and packaged to resemble the original as closely as possible. The original producer's trademarks and logos are reproduced in order to mislead the consumer into believing that they are buying an original product.

Countermeasure Actions, devices, procedures, or techniques that meet or oppose (i.e., counter) a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

Coupling The manner and degree of interdependence between software modules. Types include common environment coupling, content coupling, control coupling, data coupling, hybrid coupling, and pathological coupling.

Courseware Computer programs used to deliver educational materials within computer-assisted instruction systems.

COV Tests, coverage.

Cover Escrow An extraction process method that needs both the original piece of information and the encoded one in order to extract the embedded data.

Cover Medium The medium in which we want to hide data; it can be an innocent-looking piece of information for steganography, or an important medium that must be protected for copyright or integrity reasons.

Coverage An attribute associated with an assessment method that addresses the scope or breadth of the assessment objects included in the assessment (e.g., types of objects to be assessed and the number of objects to be assessed by type). The values for the coverage attribute, hierarchically from less coverage to more coverage, are basic, focused, and comprehensive.

Cover-Coding A technique to reduce the risks of eavesdropping by obscuring the information that is transmitted.

Covered Critical Infrastructure Refers to critical infrastructure that would be subject to protections and conditions outlined under the Cybersecurity Act of 2012.

Covert Channel Analysis Determination of the extent to which the security policy model and subsequent lower-level program descriptions may allow unauthorized access to information.


Xingan Li & Peilin Li


Covert Channel Any means by which unauthorised communication can take place unobserved through exploitation of flaws or inherent features of other technologies, or occasionally by use of malicious code inserted into an application. There are numerous ways covert communication can be achieved, and detection of covert channels is notoriously difficult. For example, messages could be included in the "dead space" within network packets, tagged on to the end of HTTP headers, or embedded in any other legitimate communication. More surreptitious channels could be built on the timing of other messages (e.g. Morse code conveyed by blinking text in a Word document) or even on the omission or modification of other legitimate information (perhaps an occasional typo in a Web page carrying a hidden meaning).

Covert Storage Channel A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource that is shared by two subjects at different security levels.

Covert Testing Testing performed using covert methods and without the knowledge of the organization's IT staff, but with the full knowledge and permission of upper management.

Covert Timing Channel A covert channel in which one process signals information to another by modulating its own use of system resources in such a way that this manipulation affects the real response time observed by the second process.

CP Certificate Policy.

CPE Common Platform Enumeration. An SCAP specification that provides a standard naming convention for operating systems, hardware, and applications, for the purpose of providing consistent, easily parsed names that can be shared by multiple parties and solutions to refer to the same specific platform type. A CPE 2.3 "formatted string" name has thirteen colon-separated fields (cpe, 2.3, part, vendor, product, version, update, edition, language, sw_edition, target_sw, target_hw, other); a literal colon inside a field is escaped with a backslash, and "*" means "any value".
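As an added example, not part of the dictionary and not code from NIST or MITRE, the following Python parses a CPE 2.3 formatted string into its named fields (handling backslash-escaped colons, which a naive split on ":" would break) and performs a simplified wildcard match of the kind a vulnerability scanner does when comparing an asset inventory against CVE applicability statements. The sample names are constructed.

```python
# Added example (not from the dictionary or from NIST/MITRE tooling): a small
# parser and matcher for CPE 2.3 formatted-string names (NIST IR 7695).
# A name has 13 colon-separated fields; a literal ':' inside a field is escaped
# as '\:'. The sample names used in the tests are constructed.
import re

FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")
PARTS = {"a", "h", "o"}  # application, hardware, operating system


def split_fields(fs: str) -> list:
    """Split on ':' but keep backslash-escaped characters (e.g. '\\:') intact."""
    fields, cur, i = [], [], 0
    while i < len(fs):
        if fs[i] == "\\" and i + 1 < len(fs):
            cur.append(fs[i:i + 2])   # escaped char: copy both bytes, do not split
            i += 2
            continue
        if fs[i] == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(fs[i])
        i += 1
    fields.append("".join(cur))
    return fields


def unescape(value: str) -> str:
    """Turn the escaped CPE form back into the literal string ('web\\:proxy' -> 'web:proxy')."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_cpe23(fs: str) -> dict:
    """Return {'part': 'a', 'vendor': 'microsoft', ...} or raise ValueError."""
    f = split_fields(fs)
    if len(f) != 13 or f[0] != "cpe" or f[1] != "2.3":
        raise ValueError("not a CPE 2.3 formatted string: %r" % fs)
    if f[2] not in PARTS | {"*", "-"}:
        raise ValueError("bad part %r" % f[2])
    return dict(zip(FIELDS, f[2:]))


def matches(pattern: dict, name: dict) -> bool:
    """Simplified CPE name matching (a subset of NIST IR 7696): '*' (ANY) in the
    pattern matches every value; every other field must be identical.
    Partial wildcards such as 'foo*' and '?' are not handled here."""
    return all(pattern[k] == "*" or pattern[k] == name[k] for k in FIELDS)
```

The parser deliberately rejects names with the wrong field count rather than padding them, because a truncated CPE silently matched as "any version" is how scanners end up reporting every version of a product as vulnerable.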


CPFR Collaborative Planning, Forecasting, and Replenishment.

CPNI Centre for the Protection of National Infrastructure.

CPS Certification Practice Statement. A listing of the practices that a Certification Authority employs in issuing, suspending, revoking, and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in the applicable Certificate Policy, or requirements specified in a contract for services).
CPT Current Procedural Terminology.

CPU Central Processing Unit. The integrated circuit responsible for executing instructions, performing calculations and other data manipulations in a computer. It is the part of a computer that performs the logic, computation, and decision-making functions. It interprets and executes instructions as it receives them. A PC typically has one CPU chip, which in modern designs contains several processor cores.

CRA Credit reporting agency; the three largest in the US are Experian, Equifax and TransUnion. CRAs maintain historical information pertaining to the credit experience of individuals or businesses. They collect data from various sources, most commonly credit card companies, banks and credit unions, along with other businesses that extend credit. They also collect information from public records, such as bankruptcies.

Crackers Individuals with extensive computer knowledge whose purpose is to breach or bypass Internet security. The general view is that, while hackers build things, crackers break things.

CRAM A password-based challenge-response authentication mechanism using a cryptographic hash function (usually MD5, as in CRAM-MD5). It does not provide adequate protection against several common threats to password-based authentication systems: the server must hold password-equivalent material, and a captured challenge/response pair can be attacked offline with a dictionary. HTTP Digest Authentication is a somewhat better alternative and has replaced CRAM in many places; current practice is SCRAM or plain authentication over TLS.

Crash-Proof Software Utility software that helps save information if the system crashes and the user is forced to turn it off and then back on.

CRC (1) Certification and Repair Center.

CRC (2) Cyclic Redundancy Check. A means of determining whether accidental transmission errors have occurred. Such algorithms are not cryptographically secure: a CRC is an unkeyed, linear function, so an attacker can simply recompute the check value for modified data, or modify data in such a way that the CRC value does not change. For integrity against deliberate tampering, one should instead use a strong, keyed message authentication code such as HMAC or OMAC/CMAC.
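The following Python is an added example, not code from the dictionary, serving both the Counter Mode and the CRC entries above. It implements counter mode over a keyed function, then shows why "CTR plus CRC-32" gives no integrity: CRC-32 is affine over GF(2) and CTR is XOR-malleable, so an attacker who knows neither the key nor the plaintext can flip chosen plaintext bits and patch the encrypted CRC so the receiver's check still passes. The same tampering against an encrypt-then-HMAC construction is rejected. Assumption: HMAC-SHA256 stands in for the block cipher E_K(nonce||counter) so the example runs with the standard library only; a real implementation uses AES. Keys, nonce and messages are constructed.

```python
# Added example, not from the dictionary: counter mode built on a PRF, then the
# CRC-32 "integrity" failure the CRC entry warns about, beside the HMAC fix.
# Assumption: HMAC-SHA256 stands in for the block cipher E_K(nonce||counter);
# a real implementation uses AES. Keys, nonce and messages are constructed.
import hashlib
import hmac
import zlib

BLOCK = 32  # keystream bytes per counter value (SHA-256 output size)


def _keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Keystream block i = F_K(nonce || i). Each block depends only on
    (key, nonce, i), which is what makes counter mode parallelizable."""
    return hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR data with the keystream (the same function does
    both). Reusing (key, nonce) for two messages leaks their XOR."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = _keystream_block(key, nonce, i // BLOCK)
        out.extend(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Scheme A: CTR over (message || CRC-32). The integrity check has no key. ---
def seal_crc(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    return ctr_crypt(key, nonce, msg + zlib.crc32(msg).to_bytes(4, "big"))


def open_crc(key: bytes, nonce: bytes, ct: bytes):
    pt = ctr_crypt(key, nonce, ct)
    msg, tag = pt[:-4], pt[-4:]
    return msg if zlib.crc32(msg).to_bytes(4, "big") == tag else None


def forge_crc(ct: bytes, delta: bytes) -> bytes:
    """Attacker knows neither key nor plaintext. CRC-32 is affine over GF(2):
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros of len(m)). CTR is XOR-malleable,
    so XORing d into the ciphertext and the matching correction into the
    encrypted CRC leaves the receiver's check passing."""
    n = len(ct) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole message")
    fix = (zlib.crc32(delta) ^ zlib.crc32(bytes(n))).to_bytes(4, "big")
    return _xor(ct, delta + fix)


# --- Scheme B: CTR, then HMAC-SHA256 over nonce||ciphertext (encrypt-then-MAC). ---
def _mac_key(key: bytes) -> bytes:
    # Separate MAC key derived from the master key; never reuse the encryption key as-is.
    return hmac.new(key, b"mac", hashlib.sha256).digest()


def seal_hmac(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    ct = ctr_crypt(key, nonce, msg)
    return ct + hmac.new(_mac_key(key), nonce + ct, hashlib.sha256).digest()


def open_hmac(key: bytes, nonce: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_mac_key(key), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    return ctr_crypt(key, nonce, ct)


def demo():
    """Returns (what the CRC receiver accepts, what the HMAC receiver accepts)
    after the same bit-flip attack on each ciphertext."""
    key, nonce = b"k" * 32, b"n" * 16                      # constructed values
    msg = b"PAY 0010 TO ALICE"
    delta = _xor(msg, b"PAY 9999 TO ALICE")                # flips only the amount digits
    forged = open_crc(key, nonce, forge_crc(seal_crc(key, nonce, msg), delta))
    blob = seal_hmac(key, nonce, msg)
    tampered = _xor(blob, delta + bytes(len(blob) - len(delta)))
    return forged, open_hmac(key, nonce, tampered)
```

demo() returns the forged plaintext "PAY 9999 TO ALICE" for the CRC scheme and None for the HMAC scheme. The attack needs the CRC's position in the plaintext and the ciphertext, nothing else; this is the same property exploited against WEP, which protected 802.11 frames with RC4 plus CRC-32.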


Credential Information used to identify and authenticate a user for access to a system. For example, credentials are often the user name and password. Credentials may also include a fingerprint, retina scan, or a one-time number generated by a portable "token generator". Security is stronger when access requires multiple credentials of different kinds.

Credit Freeze The locking of the data at the credit reporting agencies (CRAs), thus preventing new creditors (banks, credit card companies, other lenders) from viewing a credit report or score.

Creeping Similar to stalking in the real world, creeping is intently following someone online through their status updates, profiles, photos, etc.

CREST Standing for the Council of Registered Ethical Security Testers, this is one of two organisations in the UK (the other being TIGER) that enable professionals in the security testing (or penetration testing) industry to prove their expertise by paying to take theoretical examinations and practical tests. There are different flavours and levels of qualification, some of which enable testers to operate as part of a CHECK team.

Crimeware Software tools designed to aid criminals in perpetrating online crime. Refers only to programs not generally considered desirable or usable for ordinary tasks. Thus, while a criminal may use Internet Explorer in the commission of a cybercrime, the Internet Explorer application itself would not be considered crimeware.

Crippleware Any software (or service) that disables itself (or key functions) after a certain amount of time (perhaps after a 'trial' period), or until a fee is paid (e.g. an upgrade from a "Lite" version to the "Full" version).

Crisis Management The process of managing an institution's operations in response to an emergency or event that threatens business continuity. An institution's ability to communicate with employees, customers, and the media, using various communications devices and methods, is a key component of crisis management.


Critical Extensions In an X.509 certificate, those extensions that must be recognized by any software processing the certificate. If a piece of software does not recognize an extension marked as critical, the software must regard the certificate as invalid (RFC 5280, section 4.2).

Critical Infrastructure Critical infrastructure are the assets, systems, and networks, whether physical or virtual, so vital to the state that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. The Department of Homeland Security at the time identified 18 critical infrastructure sectors (consolidated to 16 under Presidential Policy Directive 21 in 2013), including transportation, electricity, financial services, and nuclear power. Most critical infrastructure entities are dependent upon computer networks and therefore vulnerable to cyberattacks.

Critical National Infrastructure This is the set of national facilities, services, sites and systems on which normal daily life depends.

Critical Path A project management tool: the longest chain of dependent tasks in a project, whose combined duration is the shortest period in which the project can be accomplished.

Critical Software A defined set of software components that have been evaluated and whose continuous operation has been determined essential for safe, reliable, and secure operation of the system. Critical software is composed of three elements: (1) safety-critical and safety-related software, (2) reliability-critical software, and (3) security-critical software.

Critical System The systems and assets, whether physical or virtual, that are so vital that the incapacity or destruction of such may have a debilitating impact.

Critical Thinking The use of thinking processes to filter information or beliefs and actions. It enables decisions about whether a claim is always true, sometimes true, partly true, or false.

Criticality Analysis An analysis or assessment of a business function or security vulnerability based on its criticality to the organization's business objectives. A range of criticality levels may be used to express the result.

Criticality Level Refers to the (consequences of) incorrect behavior of a system. The more serious the expected direct and indirect effects of the incorrect behavior, the higher the criticality level.

Criticality The severity of the loss of either data or system functionality. Involves judicious evaluation of system components and data when a property or phenomenon undergoes unwanted change.

CRITs Collaborative Research Into Threats. CRITs is an open source malware and threat repository that leverages other open source software to create a unified tool for analysts and security experts engaged in threat defense. It is used in hundreds of organizations so that internal groups can work cooperatively to centralize their intelligence.

CRL Certificate Revocation List.

Cross Certificate A certificate issued by a CA that signs the public key of another CA not within its trust hierarchy and thereby establishes a trust relationship between the two CAs. A certificate used to establish a trust relationship between two Certification Authorities.

Cross Certification The practice of mutual recognition of another certification authority's certificates to an agreed level of confidence. Usually evidenced in a contract.


Cross Domain Capabilities The set of functions that enable the transfer of information between security domains in accordance with the policies of the security domains involved.

Crossover The process within a genetic algorithm where portions of good outcomes are combined in the hope of creating an even better outcome.

Crosstalk An unwanted transfer of energy from one communications channel to another.

Crowd-Sourcing The practice of obtaining needed services, ideas, or content by soliciting contributions from a large group of people and especially from the online community.

CRR Certification Requirements Review. The review conducted by the DAA, Certifier, program manager, and user representative to review and approve all information contained in the System Security Authorization Agreement (SSAA). The CRR is conducted before the end of Phase I.

CRT Cathode-Ray Tube.

CRUD Create, Read, Update, Delete. The four primary procedures or ways a system can manipulate information.

Cryptanalysis Operations performed in defeating cryptographic protection without an initial knowledge of the key employed in providing the protection; the study of mathematical techniques for attempting to defeat cryptographic techniques and/or information systems security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or in the algorithm itself.

Crypto Officer An operator or process (subject), acting on behalf of the operator, performing cryptographic initialization or management functions.

CRYPTO Marking or designator identifying COMSEC keying material used to secure or authenticate telecommunications carrying classified or sensitive U.S. government or U.S. government-derived information.

Cryptographic Alarm Circuit or device that detects failures or aberrations in the logic or operation of crypto-equipment. A crypto-alarm may inhibit transmission or may provide a visible and/or audible alarm.

Cryptographic Algorithm A method of performing a cryptographic transformation on a data unit. Cryptographic algorithms may be based on symmetric key methods (the same key is used for both encipher and decipher transformations) or on asymmetric keys (different keys are used for encipher and decipher transformations).

Cryptographic Ancillary Equipment Equipment designed specifically to facilitate efficient or reliable operation of cryptographic equipment, without performing cryptographic functions itself.

Cryptographic Binding Associates two or more related elements of information using cryptographic techniques.

Cryptographic Boundary An explicitly defined continuous perimeter that establishes the physical bounds of a cryptographic module and contains all the hardware, software, and/or firmware components of a cryptographic module.
Cryptographic Checkvalue Information that is derived by performing a cryptographic transformation on a data unit.

Cryptographic Component Hardware or firmware embodiment of the cryptographic logic. A cryptographic component may be a modular assembly, a printed wiring assembly, a microcircuit, or a combination of these items.

Cryptographic Equipment Equipment that embodies a cryptographic logic.

Cryptographic Hash Function A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties: (1) (One-way) it is computationally infeasible to find any input which maps to any pre-specified output, and (2) (Collision resistant) it is computationally infeasible to find any two distinct inputs that map to the same output.

Cryptographic Initialization Function used to set the state of a cryptographic logic prior to key generation, encryption, or other operating mode.

Cryptographic Key A parameter used in conjunction with a cryptographic algorithm that determines the transformation of plaintext data into ciphertext data, the transformation of ciphertext data into plaintext data, a digital signature computed from data, the verification of a digital signature computed from data, an authentication code computed from data, or an exchange agreement of a shared secret.

Cryptographic Logic The embodiment of one (or more) cryptographic algorithm(s) along with alarms, checks, and other processes essential to effective and secure performance of the cryptographic processes.

Cryptographic Material All COMSEC material bearing the marking "CRYPTO" or otherwise designated as incorporating cryptographic information.

Cryptographic Module Security Policy A precise specification of the security rules under which a cryptographic module will operate, including the rules derived from the requirements of FIPS 140-2 and additional rules imposed by the vendor.

Cryptographic Net Stations holding a common key.

Cryptographic Period Time span during which each key setting remains in effect.

Cryptographic Product A cryptographic key (public, private, or shared) or public key certificate, used for encryption, decryption, digital signature, or signature verification; and other items, such as compromised key lists (CKL) and certificate revocation lists (CRL), obtained by trusted means from the same source, which validate the authenticity of keys or certificates. Protected software which generates or regenerates keys or certificates may also be considered a cryptographic product.

Cryptographic Randomization Function that randomly determines the transmit state of a cryptographic logic.

Cryptographic Randomness Data produced by a cryptographic pseudo-random number generator. The probability of figuring out the internal state of the generator is related to the strength of the underlying cryptography, assuming the generator is seeded with enough entropy.

Cryptography The science of providing secrecy, integrity, and non-repudiation for data.

Cryptographic Security Component of COMSEC resulting from the provision of technically sound cryptographic systems and their proper use.
Cryptographic Strength A measure of the expected number of operations required to defeat a cryptographic mechanism.

Cryptographic Synchronization Process by which a receiving decrypting cryptographic logic attains the same internal state as the transmitting encrypting logic.

Cryptographic System Analysis Process of establishing the exploitability of a cryptographic system, normally by reviewing transmitted traffic protected or secured by the system under study.

Cryptographic System Review Examination of a cryptographic system by the controlling authority ensuring its adequacy of design and content, continued need, and proper distribution.

Cryptographic System Survey Management technique in which actual holders of a cryptographic system express opinions on the system's suitability and provide usage information for technical evaluations.

Cryptographic System The documents, devices, equipment, and associated techniques that are used as a unit to provide a single means of encryption.

Cryptographic Token A portable, user-controlled, physical device (e.g., smart card or PCMCIA card) used to store cryptographic information and possibly also perform cryptographic functions.

Cryptographic Pertaining to, or concerned with, cryptography.

Cryptography Cryptography is the process of converting data into a secret code for transmission over a public network. The original text is converted into coded text, or ciphertext, by an encryption algorithm. Cryptography, known as the science of keeping data secure, provides the ability to store information or to communicate between parties in such a way that prevents non-involved parties from understanding the stored information or accessing and understanding the communication. The encryption process takes understandable text and transforms it into an unintelligible piece of data (called ciphertext); the decryption process restores the understandable text from the unintelligible data. Both involve a mathematical formula or algorithm and a secret sequence of data called a key. Cryptographic services provide confidentiality (keeping data secret), integrity (detecting any modification of data), authentication (proving the identity of a resource or a user), and non-repudiation (providing proof that a message or transaction was sent and/or received). There are two types of cryptography. In shared/secret key (symmetric) cryptography there is only one key, which is a shared secret between the two communicating parties; the same key is used for encryption and decryption. In public key (asymmetric) cryptography different keys are used for encryption and decryption: a party has two keys, a public key and a private key. The two keys are mathematically related, but it is computationally infeasible to derive the private key from the public key. A message that is encrypted with someone's public key (obtained from some public directory) can only be decrypted with the associated private key. Alternatively, the private key can be used to "sign" a document, and the public key can be used to verify the source of the document.

Cryptology The science that deals with hidden, disguised, or encrypted communications. It includes communications security and communications intelligence. The mathematical science that deals with cryptanalysis and cryptography.

Cryptolope An IBM product whose name means "cryptographic envelope". Cryptolope objects are used for secure, protected delivery of digital content by using encryption and digital signatures.

Cryptosystem A general term referring to a set of cryptographic primitives used to provide information security services.


CSA Certificate Status Authority.

CSF Critical Success Factor. A factor simply critical to the organization's success.

CSI Computer Security Institute.

CSIRT Computer Security Incident Response Team. A capability set up for the purpose of assisting in responding to computer security-related incidents.

CSMA Carrier Sense Multiple Access. A multiple-station access scheme for avoiding contention in packet networks in which each station can sense the presence of carrier signals from other stations and thus avoid transmitting a packet that would result in a collision.

CSMA/CD Carrier Sense Multiple Access/Collision Detect.

CSN Central Services Node.

CSNP Complete Sequence Number PDU.

CSO Computer Security Object. A resource, tool, or mechanism used to maintain a condition of security in a computerized environment. These objects are defined in terms of the attributes they possess, the operations they perform or that are performed on them, and their relationships with other objects.

CSP Credential Service Provider. A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers. The CSP may encompass Registration Authorities (RAs) and Verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use.

CSP Critical Security Parameter. Security-related information (e.g., secret and private cryptographic keys, and authentication data such as passwords and Personal Identification Numbers [PINs]) whose disclosure or modification can compromise the security of a cryptographic module.

CSPDN Circuit-switched public data network.

CSRF Cross-Site Request Forgery. CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he or she is currently authenticated. The attack works because the browser automatically attaches the user's cookies (and other ambient credentials) to every request sent to the target site, regardless of which site initiated the request. With a little help from social engineering (such as sending a link via email or chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operations in the case of a normal user; if the targeted end user is the administrator account, it can compromise the entire web application. Standard defences are a per-session anti-CSRF (synchronizer) token that the attacker's page cannot read, the SameSite cookie attribute, and checking the Origin or Referer header on state-changing requests.
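As an added example, not part of the dictionary and not taken from any web framework, the following Python models the attack and the defence: a state-changing "transfer" handler that authenticates on the session cookie alone accepts a request that an attacker's page auto-submits in the victim's session, while the hardened handler rejects it because the forged request cannot carry the per-session synchronizer token and arrives with a foreign Origin. Requests are constructed dicts; the application origin https://bank.example and the session store are assumptions.

```python
# Added example (not from the dictionary or any web framework): a state-changing
# endpoint that trusts the session cookie alone, beside one that also demands a
# per-session synchronizer token and checks the Origin header. Requests are
# constructed dicts with the shape {"cookies", "headers", "form"}.
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"     # assumed origin of the application
SESSIONS = {}                            # session id -> {"user", "csrf"}
LEDGER = []                              # (user, to, amount) transfers performed


def login(user: str) -> tuple:
    """Create a session; the CSRF token is kept server-side and embedded in the
    site's own forms, where a cross-origin page cannot read it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16)}
    return sid, SESSIONS[sid]["csrf"]


def vulnerable_transfer(req: dict) -> int:
    """Authenticates on the cookie only. A form auto-submitted from
    attacker.example arrives with the victim's cookie attached, so it is accepted."""
    sess = SESSIONS.get(req["cookies"].get("sid"))
    if sess is None:
        return 401
    LEDGER.append((sess["user"], req["form"]["to"], int(req["form"]["amount"])))
    return 200


def hardened_transfer(req: dict) -> int:
    sess = SESSIONS.get(req["cookies"].get("sid"))
    if sess is None:
        return 401
    # 1. Synchronizer token: the attacker's page cannot read it (same-origin
    #    policy), so it cannot include it in the forged request.
    if not hmac.compare_digest(req["form"].get("csrf", ""), sess["csrf"]):
        return 403
    # 2. Defence in depth: browsers send Origin on cross-site POSTs; reject a
    #    foreign one. (A SameSite=Lax/Strict cookie would block most cases too.)
    origin = req["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403
    LEDGER.append((sess["user"], req["form"]["to"], int(req["form"]["amount"])))
    return 200


def make_request(sid: str, form: dict, origin: str) -> dict:
    return {"cookies": {"sid": sid}, "headers": {"Origin": origin}, "form": form}


def run_scenario() -> dict:
    """Victim logs in, then an attacker page posts a transfer in her session;
    finally the victim submits a legitimate form carrying the token."""
    LEDGER.clear()
    sid, token = login("victim")
    evil = make_request(sid, {"to": "mallory", "amount": "500"}, "https://attacker.example")
    good = make_request(sid, {"to": "bob", "amount": "5", "csrf": token}, SITE_ORIGIN)
    return {
        "vulnerable_forged": vulnerable_transfer(evil),
        "hardened_forged": hardened_transfer(evil),
        "hardened_legit": hardened_transfer(good),
        "ledger": list(LEDGER),
    }
```

The token check comes before the Origin check on purpose: Origin can be absent on some requests, so it is only a secondary signal, whereas the token is the control the server fully owns.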


CSS Cross-site scripting. Generally, however, this is abbreviated to XSS in order to avoid confusion with cascading style sheets.

CSU Channel Service Unit. Together with the Digital Service Unit (DSU), a device used to interface between transmitting equipment and the external circuit in the wide area network that will carry the information.

CT&E Certification Test and Evaluation. Software and hardware security tests conducted during development of an information system.

CTAK Cipher Text Auto-Key. Cryptographic logic that uses previous cipher text to generate a key stream.

CTC Counter Terrorist Check.

CTI Computer-Telephony Integration.

CTS Clear to send.

CTTA Certified TEMPEST Technical Authority. An experienced, technically qualified U.S. government employee who has met established certification requirements in accordance with CNSS-approved criteria and has been appointed by a U.S. government department or agency to fulfill CTTA responsibilities.

CUD Caller user data (X.25).

CUI Controlled Unclassified Information. A categorical designation that refers to unclassified information that does not meet the standards for National Security Classification under Executive Order 12958, as amended, but is (i) pertinent to the national interests of the United States or to the important interests of entities outside the federal government, and (ii) under law or policy requires protection from unauthorized disclosure, special handling safeguards, or prescribed limits on exchange or dissemination. The designation CUI replaces "Sensitive But Unclassified" (SBU).

Culture The collective personality of a nation, society, or organization, encompassing language, traditions, currency, religion, history, music, and acceptable behavior, among other things.

Current A measure of how much electricity passes a point on a wire in a given time frame. Current is measured in amperes or amps.

Custodian An individual who has possession of or is otherwise charged with the responsibility for safeguarding and accounting for classified information.

Custom Auto Filter Function Allows one to hide all the rows in a list except those that match specified criteria.

Customer Relationship Management (CRM) CRM entails all aspects of the service and sales interactions a company has with its customers. CRM often involves personalizing online experiences, helpdesk software, and e-mail organizers.

Customer Service and Technical Support Cybersecurity work where a person installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support).

Customer-Integrated System An extension of a TPS that places technology in the hands of an organization's customers and allows them to process their own transactions.

Customers The actual or prospective purchasers of products or services.

CVE Common Vulnerabilities and Exposures. A dictionary of common names for publicly known information system vulnerabilities; an SCAP specification that provides unique, common names for publicly known information system vulnerabilities. Through the use of unique identifiers (of the form CVE-YYYY-NNNN), the CVE list catalogues and documents known information security vulnerabilities in software, systems, protocols, etc., so that they can be referred to using a common terminology across the industry. The reference information is managed within a central system to which anyone can refer, maintained by MITRE with funding from US security authorities.

CVSS Common Vulnerability Scoring System. An SCAP specification for communicating the characteristics of vulnerabilities and measuring their relative severity. A CVSS vector string records the metric values (attack vector, attack complexity, privileges required, user interaction, scope, and the confidentiality, integrity and availability impacts), from which a numeric base score between 0.0 and 10.0 is computed.


Cyber Attack Attempts to damage, disrupt, or gain unauthorized access to a computer, 


computer system, or electronic communications network. An attack, via cyberspace, targeting an enterprise’s 
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use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing 


environment or infrastructure; or destroying the integrity of the data or stealing controlled information. 


Cyber Attack Any type of offensive maneuver to break into a computer or system. Cyber-attacks can range 
from installing spyware on a PC, breaking into a payment system to steal card data, or attempting to break 


critical infrastructure such as an electric power grid. 


Cyber Bullying Any form of harassment, threat, or humiliation done through the internet or other 


communication devices which are deliberately aimed at another person. 


Cyber Crime In its broadest definition, cybercrime includes all crime perpetrated with or involving a
computer. Symantec defines it as any crime that is committed using a computer or network, or hardware device.
The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime.
The crime may take place on the computer alone or in addition to other locations.

Cyber Defense The integrated application of DoD cyberspace capabilities and processes to synchronize
in real-time the ability to detect, analyze and mitigate threats and vulnerabilities, and outmaneuver adversaries,
in order to defend designated networks, protect critical missions, and enable US freedom of action. Cyber
Defense includes: Proactive NetOps (e.g., configuration control, information assurance (IA) measures, physical
security and secure architecture design, intrusion detection, firewalls, signature updates, encryption of data at
rest); Defensive Counter Cyber (DCC), which includes military deception via honeypots and other operations, and
redirection, deactivation, or removal of malware engaged in a hostile act/imminent hostile act; and Defensive
Countermeasures.


Cyber Ecosystem The interconnected information infrastructure of interactions among persons, processes, data,
and information and communications technologies, along with the environment and conditions that influence
those interactions.

Cyber Espionage The act or practice of obtaining secrets (sensitive, proprietary or classified information) from
individuals, competitors, rivals, groups, governments and enemies for military, political, or economic
advantage using illegal exploitation methods on the internet, networks, software and/or computers. Classified
information that is not handled securely can be intercepted and even modified, making espionage possible
from the other side of the world.

Cyber Event A cybersecurity change or occurrence that may have an impact on organizational operations
(including mission, capabilities, or reputation).

Cyber Exercise A planned event during which an organization simulates a cyber disruption to develop or
test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.


Cyber Incident Actions taken through the use of computer networks that result in an actual or potentially
adverse effect on an information system and/or the information residing therein.

Cyber Infrastructure Electronic information and communications systems and services and
the information contained therein. The information and communications systems and services composed of all
hardware and software that process, store, and communicate information, or any combination of all of these
elements. Processing includes the creation, access, modification, and destruction of information. Storage
includes paper, magnetic, electronic, and all other media types. Communications include sharing and
distribution of information.

Cyber Operation The employment of cyber capabilities with the primary purpose of achieving objectives in or
by the use of cyberspace.


Cyber Operations Planning The cybersecurity work where a person performs the in-depth joint targeting
and cyber planning process. Gathers information and develops detailed Operational Plans and Orders
supporting requirements. Conducts strategic and operational-level planning across the full range of operations
for integrated information and cyberspace operations.

Cyber Operations The cybersecurity work where a person performs activities to gather evidence on criminal or
foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or
insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.

Cyber Security as a Public Good In economics, a public good is a good that is non-rivalrous and non-
excludable. Non-rivalry means that consumption of the good by one individual does not reduce availability of
the good for consumption by others; and non-excludability that no one can be effectively excluded from using
the good.

Cyber Security as an Externality Economists define externalities as instances where an individual or firm's
actions have economic consequences for others for which there is no compensation. One important distinction
is between positive and negative externalities. Instances of the latter are most commonly discussed, such as the
environmental pollution caused by a plant, which may have impacts on the value of neighboring homes.
Important examples of positive externalities are so common in communications networks that there is a class
of "network externalities." For instance, the simple act of installing telephone service to one additional
customer creates positive externalities on everyone on the telephone network because they can now each reach
one additional person. Several attributes of computer security suggest that it is an externality. Most
importantly, the lack of security on one machine can cause adverse effects on another. The most obvious
example of this is from electronic commerce, where credit card numbers stolen from machines lacking security
are used to commit fraud at other sites.


Cyber Terrorism Is the use of information technology for attacks or threats by terrorist organizations. The
broadest definition, created by Kevin Coleman of the Technolytics Institute, classifies cyber terrorism as "the
premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the
intention to cause harm or further social, ideological, religious, political, or similar objectives or to intimidate
any person in the furtherance of such objectives." Is any premeditated, politically motivated attack against
information, computer systems, computer programs, and data which results in violence against non-combatant
targets by subnational groups or clandestine agents. A cyber terrorist attack is designed to cause physical harm
or extreme financial harm.

Cyber Threat An internal or external circumstance, event, action, occurrence, or person
with the potential to exploit technology-based vulnerabilities and to adversely impact (create adverse
consequences for) organizational operations, organizational assets (including information and information
systems), individuals, other organizations, or society.

Cyber War Any cyber attack that causes widespread harm is cyber war, though that begs the question of
what constitutes harm (psychological, economic, or physical threats); The use of computers to disrupt activities
of an enemy country, especially the deliberate attacking of communication systems and networks.

Cyber Warfare Cyber attacks count as cyber warfare only if they take place alongside actual military operations; Is any virtual
conflict initiated as a politically motivated attack on an enemy's computer and information systems. Waged via
the internet, these attacks disable financial and organizational systems by stealing or altering classified data to
undermine networks, websites and services. Characteristics: Anonymous; Little cost and resources; Attacks can
be perpetrated by the few upon the many; Launched from any of billions of sources worldwide; Impacts
immediate and obvious, dormant and subtle; Degree of damage ranges from inconvenient downtime to life-
threatening destruction of critical infrastructures to government and state paralysis.

Cyber Strictly, this is an adjective or prefix ("Of, relating to, or characteristic of the culture of
computers, information technology, and virtual reality"). The term "cyber" means: (A) any process, program,
or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or
telecommunication via the Internet or an intranet; and (B) any matter relating to, or involving the use of,
computers or computer networks.

Cybercitizenship Digital citizenship. More than just having the technical capacity to use technology. It also
includes having the skills to access, analyse, evaluate and create online content, protect personal or identifying
information, practice courteous and responsible behavior towards other cybercitizens, and manage potentially
risky or dangerous situations.

Cybercop An investigator of activities related to computer crime.

Cybercrime Offense Offenses against the confidentiality, integrity, and availability of computer
data and systems.


Cybercrime Cybercrime is criminal activity conducted using computers and the Internet, often financially
motivated. Cybercrime includes identity theft, fraud, and internet scams, among other activities. Cybercrime is
distinguished from other forms of malicious cyber activity, which have political, military, or espionage
motivations.

Cyberespionage Activities conducted in the name of security, business, politics or technology to find
information that ought to remain secret. It is not inherently military.

Cyber-Risks Cyber-risks are potential threats to the wellbeing of users of technology
within the community and include: Cyber-exploitation, the use of the internet to manipulate others for one's
own self-serving or dishonest ends (mainly financial and sexual). Cyber-attack, a single or 'one-off' act of
aggression, denigration or nastiness against a specific student, via technology. Cyber-attacks include, for
example, cyber-threats, cyber-insults and cyber-humiliation. Cyberbullying, a repeated or sustained pattern of
intentional cyber-attacks that causes distress, and is directed against a specific student or group.

Cybersafety Cybersafety refers to the safe and responsible use of the internet and ICT
equipment/devices, including mobile technologies. In a school or library setting, we mean: The use of a set of
precautionary policies, practices and actions taken by individuals, schools/libraries and communities to
prevent harm to users of technologies within the community and promote safe and responsible behaviour.

Cybersecurity Architecture Describes the structure, components and topology (connections and layout)
of security controls within an enterprise's IT infrastructure. The security architecture shows how defense-in-
depth is implemented and how layers of control are linked and is essential to designing and implementing
security controls in any complex environment.

Cybersecurity Policy Constitutes strategies and standards regarding the security of operations in
cyberspace, and encompasses the full range of threat and vulnerability reduction, deterrence, international
engagement, incident responses, resiliency, and recovery policies and activities.
Cybersecurity The activity or process, ability or capability, or state whereby information and
communications systems and the information contained therein are protected from and/or defended against
damage, unauthorized use or modification, or exploitation. Strategy, policy, and standards regarding the
security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability
reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and
activities, including computer network operations, information assurance, law enforcement, diplomacy, military,
and intelligence missions as they relate to the security and stability of the global information and
communications infrastructure.

Cyberspace An interactive domain made up of digital networks that are used to store, modify and
communicate information. It includes the internet, but also the other information systems that support our
businesses, infrastructure and services. A global domain within the information environment consisting of the
interdependent network of information systems infrastructures including the Internet, telecommunications
networks, computer systems, and embedded processors and controllers; A global domain within the virtual
information environment consisting of the interdependent network of information technology infrastructures
including the internet, telecommunications networks, computer systems and embedded processors and control.

Cyber-Squatting The acquisition of a domain name over the internet in bad faith to profit, mislead, destroy
reputation, and deprive others from registering the same domain name.

Cyberstalking Stalking-type behaviors which take place in cyberspace. Examples can include the sending of
excessive, unwanted emails or posting unwanted messages or comments on social networking sites.

Cyberterrorism In the most extreme sense of the term, cyberterrorism encompasses a computer-based act (a
threat or an attack) perpetrated with the express intent of inspiring fear and performed in the name of some
sort of ideology.

CybOX Cyber Observable Expression, a standard language for cyber observables.

Cycle One complete sequence of an event or activity. Often refers to electrical phenomena. One
electrical cycle is a complete sine wave.

D2 A rating provided by the NCSC for PC security subsystems that corresponds to the features
of the C2 level. A computer security subsystem is any hardware, firmware and software which are added to a
computer system to enhance the security of the overall system.

DA Destination Address.

DAA Delegated Accrediting Authority. Designated accrediting authority, designated approval
authority. Official with the authority to formally assume responsibility for operating a system at an acceptable
level of risk.


DAC (1) Discretionary Access Controls.

DAC (2) Dual Attached Concentrator.

DACL Discretionary Access Control List. In a Windows ACL, a list that determines access rights to
an object.

Damage Loss, injury, or deterioration caused by the negligence, design, or accident of one person to
another, in respect of the latter's person or property; the harm, detriment, or loss sustained by reason of an
injury.

DAP Database Activity Monitoring and Protection. A database security technology for
monitoring and analyzing database activity that operates independently of the database management system
(DBMS) and does not rely on any form of native (DBMS-resident) auditing or native logs such as trace or
transaction logs. DAM is typically performed continuously and in real-time. Database activity monitoring and
prevention (DAMP) is an extension to DAM that goes beyond monitoring and alerting to also block
unauthorized activities.


Dark Web The portion of World Wide Web content that is not indexed by standard search engines,
generally attributed to hacking and illegal cyber activities.

Darknet A darknet is a private, distributed P2P file sharing network where connections are made only
between trusted peers sometimes called "friends" (F2F) using non-standard protocols and ports. Darknets are
distinct from other distributed P2P networks as sharing is anonymous (that is, IP addresses are not publicly
shared), and therefore users can communicate with little fear of governmental or corporate interference.

DARPA Defense Advanced Research Projects Agency.

DAS Dual Attachment Station (FDDI, CDDI).

DASD Direct Access Storage Device. A data storage unit on which data can be accessed directly
without having to progress through a serial file such as a magnetic tape file. A disk unit is a direct access
storage device.

DASS Distributed authentication security service.

DAST Dynamic Application Security Testing. Technologies designed to detect conditions
indicative of a security vulnerability in an application in its running state. Most DAST solutions test only the
exposed HTTP and HTML interfaces of Web-enabled applications.

Data Administration Subsystem Helps manage the overall database environment by providing facilities for
backup and recovery, security management, query optimization, concurrency control, and change management.

Data Administration The function in an organization that plans for, oversees the development
of, and monitors the information resource.


Data Aggregation The process of gathering and combining data from different sources, so that the combined
data reveals new information. The new information is more sensitive than the individual data elements
themselves and the person who aggregates the data was not granted access to the totality of the information.

Data Asset Is any entity that is comprised of data. For example, a database is a data asset that is
comprised of data records. A data asset may be a system or application output file, database, document, or web
page. A data asset also includes a service that may be provided to access data from an application. For example,
a service that returns individual records from a database would be a data asset. Similarly, a web site that returns
data in response to specific queries (e.g., www.weather.com) would be a data asset.

Data Base A database is a collection of data records. On web databases, records may consist of web
pages, graphics, audio files, newspaper files, books, movies or anything from very general to very specific areas
of interest. Database records are usually indexed and come with a search interface to find records of interest.

Data Breach The unauthorized access or disclosure of sensitive information to a party, usually outside an
organization, that is not authorized to have or see that information.
Data Classification Program A program that categorizes data to convey required safeguards for
information confidentiality, integrity, and availability; establishes controls required based on value and level of
sensitivity.

Data Classification Data classification is the assigning of a level of sensitivity to data as they are
being created, amended, enhanced, stored, or transmitted. The classification of the data should then determine
the extent to which the data need to be controlled/secured and is also indicative of its value in terms of its
importance to the organization.

Data Communications The transmission of data between more than one site through the use of
public and private communications channels or lines.

Data Condition A description of the circumstances in which certain data is required.

Data Contamination A deliberate or accidental process or act that compromises the integrity of
the original data.

Data Custodian The individual(s) and department(s) responsible for the storage and safeguarding of
computerized data.

Data Dictionary A document or listing defining all items or processes represented in a data flow diagram or
used in a system.

Data Diddling Modifying data for fun and profit; e.g., modifying grades, changing credit ratings, altering
security clearance information, fixing salaries, or circumventing bookkeeping and audit regulations.

Data Disclosure A breach for which it was confirmed that data was actually disclosed (not just exposed) to
an unauthorized party.

Data Element A basic unit of information that has a unique meaning and subcategories (data items) of
distinct value. Examples of data elements include gender, race, and geographic location.


Data Encryption Standard An encryption algorithm standardized by the US
Government. The key length is too short, so this algorithm should be considered insecure. The effective key
strength is 56 bits; the actual key size is 64 bits, 8 bits are wasted. However, there are variations such as Triple
DES and DESX that increase security while also increasing the key size.

Data Flow Analysis A graphic analysis technique to trace the behavior of program variables as
they are initialized, modified, or referenced during program execution.

Data Flow Control Information flow control.

Data Flow Diagram A descriptive modeling tool providing a graphic and logical description of
a system.

Data Grids Grids that provide shared data storage. Based on a Catalog where Logical File Names are
associated to Physical File Names.

Data Integrity The property that data has not been altered in an unauthorized manner. Data integrity
covers data in storage, during processing, and while in transit. The property that data has not been changed,
destroyed, or lost in an unauthorized or accidental manner.
Data Item A discrete representation having the properties that define the data element to which it
belongs.

Data Leakage Uncontrolled, unauthorized transmission of classified information from a data centre or
computer system to the outside. Such leakage can be accomplished by physical removal of data storage devices
(diskettes, tapes, listings, printouts and photographs of screen copies or handwritten notes) or by more subtle
means such as data hiding (steganography) or even plain old human memory.

Data Link A serial communications path between nodes or devices without any intermediate switching
nodes. Also, the physical two-way connection between such devices.

Data Loss Prevention A strategy for making sure that end users do not send sensitive or critical
information outside the corporate network. The term is also used to describe software products that help a
network administrator control what data end users can transfer.

Data Loss The exposure of proprietary, sensitive, or classified information through either data theft or
data leakage.

Data Mapping The process of matching one set of data elements or individual code values to their closest
equivalents in another set of them. This is sometimes called a cross-walk.
Data Mart Subset of a data warehouse in which only a focused portion of the data warehouse is stored.

Data Mining A methodology used by organizations to better understand their customers, products,
markets, or any other phase of the business.

Data Model A conceptual model of the information needed to support a business function or process.

Data Networking Switches Equipment that performs the functions of establishing
and releasing connections on a data network.

Data Normalization In data processing, a process applied to all data in a set that produces a
specific statistical property. It is also the process of eliminating duplicate keys within a database. Useful as
organizations use databases to evaluate various security data.

Data Objects Objects or information of potential probative value that are associated
with physical items. Data objects may occur in different formats without altering the original information.

Data Origin Authentication The corroboration that the entity responsible for the creation of a set of
data is the one claimed.

Data Owner The individual(s), normally a manager or director, who has responsibility for the integrity,
accurate reporting and use of computerized data.

Data Profiling The use of information about your lifestyle and habits to provide a descriptive profile of
your life. At its simplest, data profiling is used by marketing companies to identify you as a possible customer.
At its most complex data profiling can be used by security services to identify potential suspects for unlawful
activity, or to highlight parts of a person's life where other forms of surveillance may reveal something about
their activities. In those states where the European Directive on Data Protection is in force, you have rights of
access to any data held about you for the purposes of data processing or profiling.

Data Protection Engineering The methodology and tools used to design and implement data protection
mechanisms.
Data Record An identifiable set of data values treated as a unit, an occurrence of a schema in a database,
or collection of atomic data items describing a specific object, event, or tuple (e.g., row of a table).

Data Representation The manner in which data is characterized in a computer system and its
peripheral devices.

Data Retention Refers to the policies that govern data and records management for meeting internal, legal
and regulatory data archival requirements.

Data Safety Ensuring that (1) the intended data has been correctly accessed, (2) the data has not been
manipulated or corrupted intentionally or accidentally, and (3) the data is legitimate.


Data Security The protection of data from accidental or malicious modification, destruction, or disclosure.

Data Segment A collection of data elements accessible to a database management system; a record in a file
processing system.

Data Server A computer or program that provides other computers with access to shared files over a
network.

Data Set A named collection of logically related data items, arranged in a prescribed manner and
described by control information to which the programming system has access.

Data Theft The deliberate or intentional act of stealing of information.

Data Warehouse A collection of integrated subject-oriented databases designed to support the Decision
Support function, where each unit of data is relevant to some moment in time. The data warehouse contains
atomic data and summarized data.

Data Warehousing Is the consolidation of several previously independent databases into one
location.

Data A subset of information in an electronic format that allows it to be retrieved or transmitted.

Database An integrated aggregation of data usually organized to reflect logical or functional
relationships among data elements.

Database-Based Workflow System Stores the document in a central location and automatically asks the
knowledge workers to access the document when it is their turn to edit the document.

Data-dependent Protection The protection of data at a level that is commensurate with the sensitivity
of the entire file.


Data-Driven Attack This form of attack takes place when malicious data is embedded in what
appears to be a normal stream of data. When executed or otherwise processed, the malicious data causes
unforeseen and often damaging events. A well-known example might be maliciously-crafted PDF documents
exploiting flaws in the Acrobat Reader causing arbitrary code to be executed on the user's machine.

Datagram Logical grouping of information sent as a network layer unit over a transmission medium
without prior establishment of a virtual circuit. IP datagrams are the primary information units in the Internet.
The terms "cell," "frame," "message," "packet," and "segment" are also used to describe logical information
groupings at various layers of the OSI Reference Model and in various technology circles.
Data-Link Control Layer Layer 2 in the SNA architectural model. Responsible for the transmission
of data over a particular physical link. Corresponds roughly to the data-link layer of the OSI model.

Data-Link Layer Layer 2 of the OSI reference model. Provides reliable transit of data across a physical link.
The data-link layer is concerned with physical addressing, network topology, line discipline, error notification,
ordered delivery of frames, and flow control. The IEEE divided this layer into two sublayers: the MAC
sublayer and the LLC sublayer. Sometimes simply called the link layer. Roughly corresponds to the data-link
control layer of the SNA model.

Data-Mining Agent An intelligent agent or application that operates in a data warehouse
discovering information.

Data-Mining Tool Software tool used to query information in a data warehouse.

DAU Data Authentication.

Davies-Meyer An algorithm for turning a block cipher into a cryptographic one-way hash function.

DBA Database Administrator. (1) A person who is in charge of defining and managing the
contents of a database. (2) The individual in an organization who is responsible for the daily monitoring and
maintenance of the databases. The database administrator's function is more closely associated with physical
database design than the data administrator's function is.


DBMS Database Management System. The software that directs and controls data resources.

DBSM Database Security Monitoring.

DCC Data Content Committee. Designated Data Content Committee.

DCE (1) Data circuit-terminating equipment.

DCE (2) Distributed Computing Environment. An architecture of standard programming interfaces,
conventions, and server functionalities (e.g., naming, distributed file system, remote procedure call) for
distributing applications transparently across networks of heterogeneous computers. Promoted and controlled
by the Open Software Foundation (OSF), a consortium led by Hewlett-Packard, Digital Equipment Corp, and
IBM.

DCOM Distributed Component Object Model. A protocol that enables software components to
communicate directly over a network. Developed by Microsoft and previously called "Network OLE,"
DCOM is designed for use across multiple network transports including Internet Protocols such as HTTP.

DCT Discrete Cosine Transform. Used in JPEG compression, the discrete cosine transform helps
separate the image into parts of differing importance based on the image's visual quality; this allows for large
compression ratios. The DCT function transforms data from a spatial domain to a frequency domain.

DD Data Dictionary.

DDE Direct Data Entry.

DDL Data Definition Language. A set of instructions or commands used to define data for the
data dictionary. A data definition language (DDL) is used to describe the structure of a database.

DDOS Digital Denial of Service. A cyber war technique in which an Internet site, a server, or a
router is flooded with more requests for data than the site or device can respond to or process. Consequently,
legitimate traffic cannot access the site and the site is in effect shut down. Botnets are used to conduct such
attacks, thus distributing the attack over thousands of originating computers acting in unison.


DDoS Distributed Denial of Service. A Denial of Service technique that uses numerous hosts to
perform the attack; A class of attacks that results in the exhaustion of computing or communications resources
by engaging many intermediate computers to simultaneously attack one victim. These intermediate attack
systems are often previously compromised and under the control of the attacker.

DDoS Distributed Denial of Service. A type of DoS attack where multiple compromised systems,
which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS)
attack. It is analogous to a group of people crowding the entry door or gate to a shop or business, and not
letting legitimate parties enter into the shop or business, disrupting normal operations. Criminal perpetrators
of DoS attacks often target sites or services hosted on high-profile web servers such as banks, credit card
payment gateways; but motives of revenge, blackmail or activism can be behind other attacks.

DDP Datagram Delivery Protocol. The lowest-level data-link-independent transport protocol. It
provided a datagram service with no guarantees of delivery. All application-level protocols, including the
infrastructure protocols NBP, RTMP and ZIP, were built on top of DDP. AppleTalk's DDP corresponds
closely to the Network layer of the Open Systems Interconnection (OSI) communication model.

DDR (1) Dial-on-Demand Routing.

DDR (2) Dual Data Rate RAM.

DEA Data Encryption Algorithm. The DEA is the cryptographic engine that is used by the Triple Data
Encryption Algorithm (TDEA).

Dead-Drop A hijacked PC or server used to store all the personal data stolen by keyloggers, spyware or
viruses. Criminal hackers prefer to keep their distance from this data as its possession is incriminating. Dead
drops are usually found and shut down within a few days of the associated phishing e-mails being sent out.


Deadlock A situation in which computer processing is suspended because two or more devices or processes are each awaiting resources assigned to the other.
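A worked illustration of the definition above, added here as an example and not part of the original dictionary: the hold/wait relationships are modelled as a wait-for graph, and a cycle in that graph is the deadlock. The process and resource names are constructed for the example.

```python
def wait_for_graph(holds, waits):
    """Build a wait-for graph from resource state.

    holds: {process: set_of_resources_it_currently_holds}
    waits: {process: resource_it_is_blocked_on}
    An edge P -> Q means P is waiting for a resource held by Q.
    """
    owner = {r: p for p, resources in holds.items() for r in resources}
    graph = {p: set() for p in holds}
    for p, r in waits.items():
        graph.setdefault(p, set())
        if r in owner and owner[r] != p:
            graph[p].add(owner[r])
    return graph


def find_deadlock(graph):
    """Depth-first search for a cycle; returns the processes on it
    (first one repeated at the end) or [] when no deadlock exists."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {node: WHITE for node in graph}
    path = []

    def visit(node):
        colour[node] = GREY
        path.append(node)
        for nxt in sorted(graph.get(node, ())):
            if colour.get(nxt, WHITE) == GREY:          # back edge: cycle found
                return path[path.index(nxt):] + [nxt]
            if colour.get(nxt, WHITE) == WHITE:
                cycle = visit(nxt)
                if cycle:
                    return cycle
        path.pop()
        colour[node] = BLACK
        return []

    for node in sorted(graph):
        if colour[node] == WHITE:
            cycle = visit(node)
            if cycle:
                return cycle
    return []


# Constructed state: P1 holds the database lock and wants the log file,
# P2 holds the log file and wants the database lock: a two-party deadlock.
# P3 is merely waiting and is not part of the cycle.
DEADLOCKED = {"holds": {"P1": {"db_lock"}, "P2": {"log_file"}, "P3": {"cache"}},
              "waits": {"P1": "log_file", "P2": "db_lock", "P3": "db_lock"}}
# Same processes once P2 has released the log file: P3 waits, nobody deadlocks.
RESOLVED = {"holds": {"P1": {"db_lock", "log_file"}, "P2": set(), "P3": {"cache"}},
            "waits": {"P3": "db_lock"}}
```

The same detector applies to lock managers, database transactions and any other system where the "who holds what, who waits for what" state can be snapshotted.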


Debugging The process of correcting static and logical errors detected during coding. With the primary goal of obtaining an executable piece of code, debugging shares certain techniques and strategies with testing but differs in its usual ad hoc application and scope.

Decentralization The process of distributing computer processing to different locations within an enterprise.

Decentralized Computing An environment in which an organization splits computing power and locates it in functional business areas as well as on the desktops of knowledge workers.


Deceptive Trade Practices Misleading or misrepresenting products or services to consumers and 
customers. In the United States these practices are regulated by the Federal Trade Commission at the federal 
level and typically by the Attorney General’s Office of Consumer Protection at the state level. 


Decertification Revocation of the certification of an information system item or equipment for cause. 


Decipher The ability to convert, by use of the appropriate key, enciphered text into its equivalent plaintext.

Decipherment The reversal of a corresponding reversible encipherment.




Xingan Li & Peilin Li 


Decision Processing Enterprise Information Portal Provides knowledge workers with corporate information for making key business decisions.

Decision Superiority Better decisions arrived at and implemented faster than an opponent can react, or in a noncombat situation, at a tempo that allows the force to shape the situation or react to changes and accomplish its mission.

Declaration of Conformity Confirmation issued by the supplier of a product that specified requirements have been met.

Declassification Event An event which would eliminate the need for continued classification.


Declassification The determination that particular classified information no longer requires protection against unauthorized disclosure in the interest of national security. Such determination shall be by specific action or automatically after the lapse of a requisite period of time or the occurrence of a specified event. If such determination is by specific action, the material shall be so marked with the new designation.


Decoding Changing a digital signal into analog form or another type of digital signal. The opposite of 
encoding. 

Decontrol The authorized removal of an assigned administrative control designation.

Decrypt/Decipher/Decode Decryption is the opposite of encryption. It is the transformation of encrypted information back into a legible form. Essentially, decryption is about removing the disguise and reclaiming the meaning of information.

Decryption A technique used to recover the original plaintext from the ciphertext so that it is intelligible to the reader. Decryption is the reverse of encryption.

Dedicated Lines Private circuits between two or more stations, switches, or subscribers.


Dedicated Mode Information systems security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: 1. valid security clearance for all information within the system, 2. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs), and 3. valid need-to-know for all information contained within the information system. When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time.


Dedicated Security Mode A system is operating in the dedicated security mode when the system and all of its local and remote peripherals are exclusively used and controlled by specific users or groups of users who have a security clearance and need-to-know for the processing of a particular category and type of classified material.

Dedicated Server A microcomputer used exclusively to perform a specific service, such as to process the network operating system.


Deduction A method of logical reasoning which results in necessarily true statements. As an example, if it is known that every man is mortal and that George is a man, then it can be deduced that George is mortal. The example applies the inference rule modus ponens; deduction in general is reasoning from premises to conclusions by such rules.

Deep Packet Inspection The capability to analyze network traffic to compare vendor-developed profiles of benign protocol activity against observed events to identify deviations.


Deep Web The portion of World Wide Web content that is not indexed by standard search engines. The term is often, and inaccurately, equated with the "dark web", the much smaller part of it associated with hacking and illegal cyber activities.

Default Classification Classification reflecting the highest classification being processed in an information system. Default classification is included in the caution statement affixed to an object.

Default Deny A paradigm for access control and input validation where an action must be explicitly allowed. The idea behind this paradigm is that one should limit the possibilities for unexpected behavior by being strict, instead of lenient, with rules.


Default Password A simple password that comes with new software or hardware. Default passwords (like "admin", "password" or "123456") are easily guessed and are usually available via online search. They are intended as a placeholder, offer no real security, and must be changed to a stronger password after installing new software or hardware.

Default A setting automatically chosen by a program or computer that remains until the user specifies another setting.

Defect Deficiency; imperfection; insufficiency; the absence of something necessary for completeness or perfection; a deficiency in something essential to the proper use for the purpose for which a thing is to be used; a manufacturing flaw, a design defect, or inadequate warning.


Defense in Depth The practice of layering defenses to provide added protection. Defense in depth increases security by raising the effort needed in an attack. This strategy places multiple barriers between an attacker and an enterprise's computing and information resources.

Defense-in-Breadth A planned, systematic set of multi-disciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or sub-component lifecycle (system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement).

Defense-in-Depth A principle for building systems stating that multiple defensive mechanisms at different layers of a system are usually more secure than a single layer of defense. For example, when performing input validation, one might validate user data as it comes in and then also validate it before each use, just in case something was not caught, or the underlying components are linked against a different front end, etc.
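Added here as a worked example (not code from the dictionary) of both Default Deny and the input-validation form of Defense-in-Depth described above. The report names, the order-ID format and the in-memory SQLite table are constructed for the example: every field must match an explicit allow-rule at the entry point, and the value is checked again immediately before it reaches the database, which also uses a parameterised query as a further layer.

```python
import re
import sqlite3

# Constructed allowlist: the only report names the application knows about.
ALLOWED_REPORTS = {"sales", "inventory", "audit"}
# Allowlist pattern for an order identifier: exactly six digits, nothing else.
ORDER_ID_RE = re.compile(r"\A[0-9]{6}\Z")


def validate_request(form):
    """Entry-point validation with a default-deny posture.

    Every field must match an explicit rule; anything not matched is rejected.
    A default-allow design would instead try to enumerate bad values and miss some.
    """
    report = form.get("report")
    if report not in ALLOWED_REPORTS:
        raise ValueError(f"report {report!r} is not an allowed report")
    order_id = form.get("order_id", "")
    if not ORDER_ID_RE.match(order_id):
        raise ValueError("order_id must be exactly six digits")
    return {"report": report, "order_id": order_id}


def fetch_order(conn, order_id):
    """Second layer: re-check right before use, independent of the caller.

    Even if the entry-point check is bypassed, or another front end links
    against this module, an unsafe value never reaches the query; and the
    query is parameterised, so a third layer stands behind the second.
    """
    if not ORDER_ID_RE.match(order_id):
        raise ValueError("refusing to query with a non-numeric order_id")
    cur = conn.execute("SELECT id, total FROM orders WHERE id = ?", (order_id,))
    return cur.fetchone()


def make_demo_db():
    """Constructed in-memory table standing in for the real order store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id TEXT PRIMARY KEY, total INTEGER)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)",
                     [("100001", 42), ("100002", 7)])
    return conn


def handle(form, conn):
    """Returns ('ok', row) or ('denied', reason)."""
    try:
        clean = validate_request(form)
        row = fetch_order(conn, clean["order_id"])
    except ValueError as err:
        return "denied", str(err)
    return "ok", row
```

Note that the inner check in `fetch_order` is deliberately not removed "because the caller already validated": the redundancy is the point of the principle.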


Defensive Programming Designing software that detects anomalous control flow, data flow, or data values during execution and reacts in a predetermined and acceptable manner. The intent is to develop software that correctly accommodates design or operational shortcomings; for example, verifying a parameter or command through two diverse sources before acting upon it.

Degauss Procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field.

Degraded-Mode Operation Maintaining the availability of the more critical system functions, despite failures, by dropping the less critical functions.


Degree (of a relation) The number of attributes or columns of a relation. 
DEK Data Encrypting Key.

DEL Delivery and Operation, Delivery.


Delegated Development Program INFOSEC program in which the Director, NSA, delegates, on a case-by-case basis, the development and/or production of an entire telecommunications product, including the INFOSEC portion, to a lead department or agency.

Delegation The notion that an object can issue a request to another object in response to a request. The first object therefore delegates the responsibility to the second object. Delegation can be used as an alternative to inheritance.

Deleted File A file that has been logically, but not necessarily physically, erased from the operating system, perhaps to eliminate potentially incriminating evidence. Deleting files does not always eliminate the possibility of recovering all or part of the original data.

Delphi A forecasting method where several knowledgeable individuals make forecasts and a forecast is derived by a trained analyst from a weighted average.

Delta CRLs A variation of Certificate Revocation Lists that allows incremental updating: a small delta CRL carries only the changes since a base CRL, so that clients avoid frequently re-downloading a large amount of unchanged data.
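An added example, not part of the dictionary, showing how a client combines a cached base CRL with a delta CRL. The issuer name and serial numbers are constructed; the structure follows the RFC 5280 model loosely (a delta carries the number of the base CRL it was built against, newly revoked serials, and serials to remove from the list) together with the consistency checks a client needs before trusting the combined result.

```python
from dataclasses import dataclass, field


@dataclass
class CRL:
    """Complete (base) CRL: every revoked serial as of crl_number."""
    issuer: str
    crl_number: int
    revoked: set = field(default_factory=set)


@dataclass
class DeltaCRL:
    """Delta CRL: only the changes since base_crl_number.

    newly_revoked: serials revoked after the base was issued.
    removed_from_crl: serials to drop, e.g. a certificate taken off hold.
    """
    issuer: str
    crl_number: int
    base_crl_number: int
    newly_revoked: set
    removed_from_crl: set


def apply_delta(base, delta):
    """Return the up-to-date complete CRL from a cached base and a fresh delta.

    Refuses to combine when the delta does not belong to this base, because a
    mismatched combination silently produces a wrong revocation picture.
    """
    if delta.issuer != base.issuer:
        raise ValueError("delta CRL was issued by a different issuer")
    if delta.base_crl_number > base.crl_number:
        raise ValueError("delta is relative to a newer base; fetch the base CRL")
    if delta.crl_number <= base.crl_number:
        raise ValueError("delta is not newer than the cached base; ignore it")
    combined = (base.revoked | delta.newly_revoked) - delta.removed_from_crl
    return CRL(base.issuer, delta.crl_number, combined)


def is_revoked(serial, crl):
    return serial in crl.revoked


def demo():
    """Constructed data: base CRL #10 lists 101 and 102; delta #12 against
    base #10 adds 103 and removes 102 (released from hold)."""
    base = CRL("CN=Example CA", 10, {101, 102})
    delta = DeltaCRL("CN=Example CA", 12, 10, {103}, {102})
    return base, delta, apply_delta(base, delta)
```

A client keeps the large base and fetches only deltas until a new base is published; the checks above are what stop a stale or foreign delta from being applied.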


Demand Aggregation Combines purchase requests from multiple buyers into a single large order, which justifies a discount from the business.

Demand-Mode Operation Systems that are used periodically on demand; for example, a computer-controlled braking system in a car.

Demodulation The reconstruction of an original signal from the modulated signal received at a destination device.

Department of Homeland Security Cabinet-level department of the United States assigned, inter alia, the task of protecting against terrorist threats and helping state and local authorities prepare for, respond to and recover from domestic disasters.

Dependability That property of a computer system such that reliance can be justifiably placed on the service it delivers. The service delivered by a system is its behavior as it is perceived by its user(s); a user is another system or human that interacts with the former.

Depth An attribute associated with an assessment method that addresses the rigor and level of detail associated with the application of the method. The values for the depth attribute, hierarchically from less depth to more depth, are basic, focused, and comprehensive.

Derivative Classification A determination that information is in substance the same as information currently classified, coupled with the designation of the level of classification.


DES Data Encryption Standard. 
Descriptive Attributes The intrinsic characteristics of an object. 
Design and Implementation A phase of the systems development life cycle in which a set of functional specifications produced during systems analysis is transformed into an operational system for hardware, software, and firmware.




Design Review The quality assurance process in which all aspects of a system are reviewed publicly. 


Design The aspect of the specification process that involves the prior consideration of the implementation. Design is the process that extends and modifies an analysis specification. It accommodates certain qualities including extensibility, reusability, testability, and maintainability. Design also includes the specification of implementation requirements such as user interface and data persistence.

Designated Router A designated router (DR) is the router interface elected among all routers on a particular multiaccess network segment, generally assumed to be broadcast multiaccess. In OSPF the DR takes part in the basic neighbor discovery process (Hello) and in flooding (routers send updates to the DR on multicast address 224.0.0.6); DR election is by configured priority and then by router ID (RID). Special techniques, often vendor-dependent, may be needed to support the DR function on nonbroadcast multiaccess (NBMA) media. It is usually wise to configure the individual virtual circuits of an NBMA subnet as individual point-to-point lines; the techniques used are implementation-dependent.

Desktop Publishing The use of computer technology equipped with special hardware, firmware, and software features to produce documents that look equivalent to those printed by a professional print company.

Destination Unreachable/Host Unreachable If the IP module cannot deliver the datagram because the indicated protocol module or process port is not active, the destination host may send a destination unreachable message to the source host; a user usually receives such a message from the remote gateway when the destination host is unreachable.
Destruction Irretrievable loss of data file, or damage to hardware or software. 


Destructive Malware Anomalous Activity The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations.


DESX An extended version of DES that increases the resistance to brute-force attack in a highly 
efficient way by increasing the key length. The extra key material is mixed into the encryption process, using 
XORs. This technique does not improve resistance to differential attacks, but such attacks are still generally 
considered unfeasible against DES. 


Detect To discover threat activity within information systems, such as initial intrusions, during the threat activity or post-activity; providing prompt awareness and standardized reporting of attacks and other anomalous external or internal system and network activity.

Developer The organization that develops the IS.

Device Distribution Profile An approval-based Access Control List (ACL) for a specific product that 1) names the user devices in a specific key management infrastructure (KMI) Operating Account (KOA) to which PRSNs distribute the product, and 2) states conditions of distribution for each device.

Device Registration Manager The management role that is responsible for performing activities related to registering users that are devices.

DHCP Dynamic Host Configuration Protocol. DHCP is a protocol by which a machine can obtain an IP address (and other network configuration information) from a server on the local network.
DHTML Dynamic Hypertext Markup Language. DHTML refers to web pages that use a combination of HTML, JavaScript, and CSS to create features such as letting the user drag items around on the web page, some simple kinds of animation, and many more.

DIA The acronym of the Department of Internal Affairs, which enforces New Zealand's anti-spam law, ensures censorship compliance and oversees online identity programmes including igovt.

Dial back Call back.

Dial-Up Access to a switched network, usually through a dial or push-button telephone.


Diamond Model Developed by one of ThreatConnect's founders, and the primary methodology used by ThreatConnect, the Diamond Model breaks each cyber event into four vertices or nodes. These vertices represent an Adversary, Capability, Infrastructure, and Victim. The connections between the vertices form a baseball diamond shape. Through this system analysts are able to derive a multidimensional picture of the underlying relationships between threat actors and their tools, techniques and processes.


DIAP Defense-wide IA program (U.S. DoD). 
DICOM Digital Imaging and Communications in Medicine. 
Dictionary Attack An attack against a cryptographic system that uses precomputed values to build a dictionary. For example, against a cipher one might keep a dictionary mapping ciphertexts to keys for a single plaintext that frequently occurs; a large enough key space can render this attack useless. In a password system there are similar dictionary attacks, which are somewhat alleviated by salt: the attacker can no longer precompute one table for all users, although once he knows a user's salt he can still run a "Crack"-style dictionary attack against that user. Crack-style attacks can be slowed to some degree by making the password verifier computationally expensive to compute, by selecting strong random passwords, or by not using a password-based system at all.
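The salt and cost points above, worked through as an added example (not the dictionary's code) using only the Python standard library. The five-word dictionary and the passwords are constructed; `store_salted` uses PBKDF2-HMAC-SHA256 as the expensive verifier.

```python
import hashlib
import hmac
import os

# Constructed attacker dictionary (real wordlists run to millions of entries).
DICTIONARY = ["password", "letmein", "123456", "hunter2", "qwerty"]


def unsalted_digest(password):
    """What a naive system stores: a bare hash of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def precompute_table(dictionary):
    """Attacker's precomputed dictionary, digest -> plaintext, built once and
    reusable against every user of every unsalted system."""
    return {unsalted_digest(word): word for word in dictionary}


def crack_unsalted(stored_digest, table):
    """A single lookup breaks any stored hash that appears in the table."""
    return table.get(stored_digest)


def store_salted(password, iterations=100_000):
    """Verifier with a random per-user salt and PBKDF2-HMAC-SHA256.

    The salt makes precomputed tables useless (each user would need a fresh one);
    the iteration count makes every guess cost `iterations` HMAC computations.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "dk": dk}


def verify_salted(password, record):
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["dk"])     # constant-time comparison


def crack_salted(record, dictionary):
    """'Crack'-style attack once the salt is known: no table helps, the attacker
    must run the full KDF for every guess. Returns (password_or_None, kdf_calls)."""
    for calls, guess in enumerate(dictionary, start=1):
        if verify_salted(guess, record):
            return guess, calls
    return None, len(dictionary)
```

The cost difference is the whole story: one dictionary lookup per victim for the unsalted case, against `iterations` times the dictionary size per victim for the salted, slow-hash case. A strong random password makes even that search fail, as the second `crack_salted` check shows.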


Dielectric A nonconducting or insulating substance that resists passage of electric current, allowing electrostatic induction to act across it, as in the insulating medium between the plates of a condenser.

Differential Cryptanalysis A type of cryptographic attack where an attacker who can select related inputs learns information about the key from comparing the outputs. Modern ciphers of merit are designed in such a way as to thwart such attacks. Also note that such attacks generally require so many chosen plaintexts that they are considered infeasible in practice, even against a cipher that theoretically falls prey to them.


Diffie-Hellman Key Exchange A method for two parties to establish a shared secret key over an untrusted medium in such a way as to preserve the secrecy of the key. The two parties both contribute random data that factors into the final shared secret. The fundamental problem with this method is authenticating the party with whom you exchanged keys; the simple Diffie-Hellman protocol does not do that, so one must also use a public-key authentication system such as DSA.
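Both the exchange and its stated weakness, as an added example that is not from the dictionary. It uses the 1024-bit MODP group from RFC 2409 (too small for new deployments, adequate for illustration); the party names and the man-in-the-middle scenario are constructed. `mitm_exchange` shows that without authentication each honest party ends up sharing a key with the attacker rather than with each other, and neither can tell.

```python
import hashlib
import secrets

# 1024-bit MODP prime from RFC 2409 (Oakley group 2), generator 2.
# Assumed here for realistic arithmetic; use a larger group in production.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


class Party:
    """One side of the exchange: keeps a private exponent, publishes g^x mod p."""

    def __init__(self, name):
        self.name = name
        self.x = secrets.randbelow(P - 2) + 1      # private exponent, never sent
        self.public = pow(G, self.x, P)           # sent in the clear

    def shared_key(self, peer_public):
        # Reject 0, 1 and p-1, which would force the secret into a trivial subgroup.
        if not 1 < peer_public < P - 1:
            raise ValueError("peer public value out of range")
        secret = pow(peer_public, self.x, P)
        return hashlib.sha256(secret.to_bytes(128, "big")).digest()


def honest_exchange():
    """Alice and Bob exchange public values directly; both derive the same key."""
    alice, bob = Party("alice"), Party("bob")
    return alice.shared_key(bob.public), bob.shared_key(alice.public)


def mitm_exchange():
    """Unauthenticated DH with Mallory in the middle.

    Mallory intercepts each public value and forwards her own instead, so she
    negotiates one key with Alice and another with Bob and can relay traffic
    between them in the clear. Returns the keys each party holds.
    """
    alice, bob, mallory = Party("alice"), Party("bob"), Party("mallory")
    k_alice = alice.shared_key(mallory.public)      # Alice thinks this came from Bob
    k_bob = bob.shared_key(mallory.public)          # Bob thinks this came from Alice
    return {
        "alice": k_alice,
        "bob": k_bob,
        "mallory_with_alice": mallory.shared_key(alice.public),
        "mallory_with_bob": mallory.shared_key(bob.public),
    }
```

Nothing in the arithmetic distinguishes the two runs; only a signature over the public values (the DSA step the entry mentions) or some other authenticated binding lets Alice and Bob detect the substitution.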


Diffraction Signal loss as a result of variations in the terrain the signal crosses.

Digest Size The output size of a hash function.

Digimarc A company that creates digital watermarking technology used to authenticate, validate and communicate information within digital and analog media.

Digit A single numeral representing an arithmetic value.

Digital Cash An electronic representation of cash.

Digital Certificate An electronic document, issued and digitally signed by a Certificate Authority (CA), that binds a public key to the identity of its holder and allows that holder to send signed and encrypted messages. Verifying the CA's signature on a certificate attached to an electronic message confirms that the certificate was issued by the CA and that the user is who they claim to be, and supplies the identification information and public key of the certificate-holding sender; signatures made with the matching private key then provide sender authenticity, message integrity and non-repudiation. The recipient of the message can use the public key from the certificate to send an encrypted reply. Digital certificates are used in this way to secure e-business transactions.
Digital Citizenship Digital citizenship goes beyond notions of safety and risk, implying positive engagement with digital technologies for a range of purposes, while being responsible for one's own safety and protecting that of others.

Digital Code Signing The process of digitally signing computer code so that any tampering with it after signing can be detected and its integrity verified before it is run.

Digital Divide The fact that different peoples, cultures, and areas of the world or within a nation do not have the same access to information and telecommunications technologies.

Digital Economy Marked by the electronic movement of all types of information, not limited to numbers, words, graphs, and photos but also including physiological information such as voice recognition and synthesization, biometrics (a person's retina scan and breath, for example), and 3-D holograms.

Digital Evidence Electronic information stored or transferred in digital form.

Digital Fingerprint A characteristic of a data item, such as a cryptographic checkvalue or the result of performing a one-way hash function on the data, that is sufficiently peculiar to the data item that it is computationally infeasible to find another data item that possesses the same characteristics.

Digital Footprint A trail left by interactions in a digital environment. In social media, a digital footprint is the size of a person's "online presence", measured by the number of individuals with whom they interact. It also refers to the trail a person leaves behind through their activities on the Internet, e.g. sites they visit, photos they upload, and social networking interactions. This can be a problem for young people who do not realize that their actions in cyberspace are usually not erased with time.
Digital Forensics The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Digital Literacy The ability to effectively and critically navigate, evaluate and create information using a range of digital technologies.

Digital Modem A piece of equipment that joins a digital phone line to a piece of communication equipment, which may be a phone or a PC. Such equipment allows testing, conditioning, timing, interfacing, etc. But it does not do what a modem does, namely convert digital signals from machines into analog signals which can be carried on analog phone lines. The term digital modem, thus, is somewhat of a misnomer.

Digital Natives/Immigrants These terms were coined by Marc Prensky in his work Digital Natives, Digital Immigrants, published in 2001. The term has come to refer to people who were "born digital", that is, have never known a world without digital technologies, and through interacting with digital technologies from an early age, have a greater understanding of their concepts. Conversely, "Digital Immigrants" were those born before the advent of these digital technologies.


Digital PABX An automatic switching system. No operator is needed to complete the call. In the original PBX system operators were sometimes needed to complete the calls.

Digital Pearl Harbor A cyberwarfare attack similar in scale and surprise to the 1941 attack on Pearl Harbor. The expression is often invoked by those who argue that a cyber-based attack is either imminent or inevitable and that by not being properly prepared, the United States will suffer significant and unnecessary losses.

Digital Rights Management A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions.

Digital Signature Algorithm (DSA) An asymmetric algorithm used for digitally signing data.

Digital Signature An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation. They are used for electronic commerce security and, similar to a digital certificate, a digital signature is a code attached to an electronic message to verify the sender's identity. A digital signature is a digest (hash) of the text, signed with the sender's private key and sent with the message. The recipient verifies the signature with the sender's public key and recomputes the digest from the received text. Matching digests prove the integrity of the message and the identity of the signer. To be effective, digital signatures must be impervious to forgery.


Digital A mode of transmission where information is coded in binary form for transmission on the network.

Digitize Converting an analog or continuous signal into a series of 1s and 0s, i.e., into a digital format.

DII Defense Information Infrastructure. The complete set of DoD information transfer and processing resources, including information and data storage, manipulation, retrieval, and display. More specifically, the DII is the shared or interconnected system of computers, communications, data, applications, security, people, training, and other support structure, serving the DoD's local and worldwide information needs. It connects DoD mission support, command and control, and intelligence computers and users through voice, data, imagery, video, and multimedia services; and it provides information processing and value-added services to subscribers over the DISN and interconnected Service and Agency networks. Data, information, and user applications software unique to a specific user are not considered part of the DII.

DIMM Dual Inline Memory Module.

Diode Devices that conduct electricity in one direction only. They are sometimes referred to as PN (positive-negative) devices because they are made of a single semiconductive crystal with a positive terminal and a negative terminal.


Direct Access The method of reading and writing specific records without having to process all preceding 
records in a file. 


Direct Current A flow of electricity always in the same direction.

Direct Organization A method of file organization under which records are located on the basis of their keys and associated addresses on the storage media.

Direct Shipment Shipment of COMSEC material directly from NSA to user COMSEC accounts.

Directory Search Engine Organizes listings of Web sites into hierarchical lists.

Directory Service A service provided on a computer network that allows one to look up addresses (and perhaps other information such as public key certificates) based upon user-names.

DISA Data Interchange Standards Association. A body that provides administrative services to X12 and several other standards-related groups.


Disaster Notification Fees The fee a recovery site vendor usually charges when the customer notifies them that a disaster has occurred and the recovery site is required. The fee is implemented to discourage false disaster notifications.

Disaster Recovery Cost Curve Charts (1) the cost to the organization due to the unavailability of information and technology, and (2) the cost to the organization of recovering from a disaster over time.

Disaster (1) A sudden, unplanned calamitous event causing great damage or loss. Any event that creates an inability on an enterprise's part to provide critical business functions for some predetermined period of time. Similar terms are business interruption, outage and catastrophe. (2) The period when enterprise management decides to divert from normal production responses and exercises its disaster recovery plan (DRP). It typically signifies the beginning of a move from a primary location to an alternate location.

Disc Mirroring This is the practice of duplicating data in separate volumes on two hard disks to make storage more fault-tolerant. Mirroring provides data protection in the case of disk failure, because data is constantly updated to both disks.

Disclosure Policy A policy that governs the disclosure to clients and other stakeholders by a provider of a computer program or system of defects discovered in those products.

Disclosure The release, transfer, provision of access to, or divulging in any other manner of information outside the entity holding the information.

Disconnection The termination of an interconnection between two or more IT systems. A disconnection may be planned (e.g., due to changed business needs) or unplanned (i.e., due to an attack or other contingency).

Discrepancy Reports A listing of items that have violated some detective control and require further investigation.


Discretionary Access Control The basis of this kind of security is that an individual user, or program operating on the user's behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user's control. A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).
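An added illustration (not from the dictionary) of what makes the control discretionary: a subject who holds a "grant" permission on an object can pass access on, and a separate clearance/label check stands in for the mandatory access control the definition says can restrain that. Subject names, object names and clearance levels are constructed for the example.

```python
class DacStore:
    """Objects with an owner and an access control list {subject: set(perms)}.

    Holding "grant" on an object lets a subject hand permissions on, which is
    what makes the control discretionary. The clearance/label check is a
    simplified stand-in for mandatory access control.
    """

    def __init__(self):
        self.owner = {}        # object -> subject that created it
        self.acl = {}          # object -> {subject: set of permissions}
        self.label = {}        # object -> sensitivity level (MAC)
        self.clearance = {}    # subject -> clearance level (MAC)

    def create(self, subject, obj, label=0):
        self.owner[obj] = subject
        self.acl[obj] = {subject: {"read", "write", "grant"}}
        self.label[obj] = label

    def grant(self, grantor, grantee, obj, perms):
        """Discretionary: any holder of 'grant' may pass permissions on,
        including 'grant' itself, so access can spread transitively."""
        if "grant" not in self.acl.get(obj, {}).get(grantor, set()):
            raise PermissionError(f"{grantor} may not grant access to {obj}")
        self.acl[obj].setdefault(grantee, set()).update(perms)

    def permitted(self, subject, obj, perm):
        """Access needs both the DAC entry and a sufficient MAC clearance."""
        dac_ok = perm in self.acl.get(obj, {}).get(subject, set())
        mac_ok = self.clearance.get(subject, 0) >= self.label.get(obj, 0)
        return dac_ok and mac_ok

    def who_can(self, obj, perm):
        return sorted(s for s in self.acl.get(obj, {}) if self.permitted(s, obj, perm))


def demo():
    """Constructed scenario: alice owns payroll.csv (label 2); carol is cleared
    only to level 1, so bob's discretionary grant to her is restrained by MAC."""
    store = DacStore()
    store.clearance.update({"alice": 2, "bob": 2, "carol": 1})
    store.create("alice", "payroll.csv", label=2)
    store.grant("alice", "bob", "payroll.csv", {"read", "grant"})
    store.grant("bob", "carol", "payroll.csv", {"read"})      # bob passes access on
    return store
```

The ACL entry for carol exists (bob was entitled to create it), yet `permitted` still says no: that is the "unless restrained by mandatory access control" clause in action.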


Discrimination The unjust treatment of different categories of people, especially on the grounds of race, age, religion, sex or sexual orientation.

Disinhibition In the online environment, people may feel that they can be less careful than they might be in an offline environment.

Disintermediation The use of the Internet as a delivery vehicle whereby intermediate players in a distribution channel can be bypassed.

Disk Address The positioned location of a data record on magnetic disk storage.

Disk Duplexing This refers to the use of two controllers to drive a disk subsystem. Should one of the controllers fail, the other is still available for disk I/O. Software applications can take advantage of both controllers to simultaneously read and write to different drives.

Disk Imaging Generating a bit-for-bit copy of the original media, including free space and slack space.

Disk Mirroring Disk mirroring protects data against hardware failure. In its simplest form, a two-disk subsystem would be attached to a host controller. One disk serves as the mirror image of the other. When data is written to one, it is also written to the other disk. Both disks will contain exactly the same information. If one fails, the other can supply the user data without problem.

Disk Optimization Software Utility software that organizes information on the hard disk in the most efficient way.


Diskette A flexible disk storage medium most often used with microcomputers; also called a floppy disk.

DISN Defense Information Systems Network. A subelement of the Defense Information Infrastructure (DII), the DISN is the DoD's consolidated worldwide enterprise-level telecommunications infrastructure that provides the end-to-end information transfer network for supporting military operations. It is transparent to its users, facilitates the management of information resources, and is responsive to national security and defense needs under all conditions in the most efficient manner.

Disruption An unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).


Distinguished Encoding Rules A set of rules that describes how to encode ASN.1 data objects unambiguously, so that each value has exactly one valid encoding (a restriction of the Basic Encoding Rules, BER, which permit several).
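A minimal DER encoder and strict decoder for INTEGER and SEQUENCE, added as an example (not the dictionary's code) of what "unambiguously" means in practice: because each value has one encoding, the decoder rejects the redundant leading bytes and long-form lengths that a lax BER parser would accept. `encode_rs_signature` wraps two integers in the SEQUENCE shape commonly used for ECDSA signatures; that usage is an assumption of the example, not a claim the page makes. All inputs are constructed.

```python
def der_length(n):
    """DER length octets: short form below 128, else the fewest long-form bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value):
    """DER INTEGER: two's complement, minimal length; a leading 0x00 appears only
    when needed to stop a positive number being read as negative."""
    if value == 0:
        content = b"\x00"
    else:
        nbytes = (value.bit_length() + 8) // 8      # one spare bit for the sign
        content = value.to_bytes(nbytes, "big", signed=True)
        while len(content) > 1 and (
            (content[0] == 0x00 and content[1] < 0x80)
            or (content[0] == 0xFF and content[1] >= 0x80)
        ):
            content = content[1:]                  # drop redundant sign bytes
    return b"\x02" + der_length(len(content)) + content


def der_sequence(*elements):
    content = b"".join(elements)
    return b"\x30" + der_length(len(content)) + content


def encode_rs_signature(r, s):
    """SEQUENCE { r INTEGER, s INTEGER } (assumed ECDSA-style signature shape)."""
    return der_sequence(der_integer(r), der_integer(s))


def _read_length(data, pos):
    """Parse a length; reject every form that is legal BER but not DER."""
    first = data[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4 or pos + nbytes > len(data):
        raise ValueError("indefinite, oversized or truncated length")
    if data[pos] == 0:
        raise ValueError("length has a leading zero byte (not minimal)")
    n = int.from_bytes(data[pos:pos + nbytes], "big")
    if n < 0x80:
        raise ValueError("long-form length used where short form fits")
    return n, pos + nbytes


def decode_integer(data, pos=0):
    """Strict DER INTEGER decoder; returns (value, position after the element)."""
    if pos >= len(data) or data[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    n, pos = _read_length(data, pos + 1)
    content = data[pos:pos + n]
    if n == 0 or len(content) != n:
        raise ValueError("empty or truncated INTEGER")
    if n > 1 and (
        (content[0] == 0x00 and content[1] < 0x80)
        or (content[0] == 0xFF and content[1] >= 0x80)
    ):
        raise ValueError("non-minimal INTEGER encoding rejected")
    return int.from_bytes(content, "big", signed=True), pos + n


def decode_rs_signature(data):
    """Strictly decode SEQUENCE { r, s }; trailing bytes are an error too."""
    if not data or data[0] != 0x30:
        raise ValueError("expected SEQUENCE tag")
    n, pos = _read_length(data, 1)
    if pos + n != len(data):
        raise ValueError("SEQUENCE length does not match the data")
    r, pos = decode_integer(data, pos)
    s, pos = decode_integer(data, pos)
    if pos != len(data):
        raise ValueError("unexpected bytes after s")
    return r, s
```

The strictness matters wherever an encoding is hashed, compared or signed: if two byte strings decode to the same value, a verifier that accepts both has two "valid" encodings of one signature or certificate field, which is exactly the ambiguity DER exists to remove.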


Distinguished Name In an X.509 certificate, a field that uniquely specifies the user or group to 
which the certificate is bound. Usually, the Distinguished Name will contain a user’s name or User ID, an 
organizational name, and a country designation, For a server certificate, it will often contain the DNS name of 


the machine. 


Distinguishing Identifier Data that unambiguously distinguishes an entity in the authentication 


process. Such an identifier shall be unambiguous at least within a security domain. 


Distortion An undesired change in an image or signal. A change in the shape of an image resulting from 


imperfections in an optical system, such as a lens. 


Distributed Application A set of information processing resources distributed over one or more 


open systems which provides a well-defined set of functionality to (human) users, to assist a given (office) task. 
Distributed Computing The distribution of processes among computing components that are within the same computer or different computers on a shared network.

Distributed Database A database management system with the ability to effectively manage data that is distributed across multiple computers on a network.

Distributed Environment A set of related data processing systems in which each system has its own capacity to operate autonomously but has some applications that are executed at multiple sites. Some of the systems may be connected with teleprocessing links into a network with each system serving as a node.

Distributed System A multi-workstation, or terminal, system where more than one workstation shares common system resources. The workstations are connected to the control unit/data storage element through communication lines.

Dithering Creating the illusion of new colors and shades by varying the pattern of dots in an image.

DITSCAP Department of Defense (DoD) Information Technology Security Certification and Accreditation Process. The standard DoD process for identifying information security requirements, providing security solutions, and managing IS security activities.
Diversity Using multiple different means to perform a required function or solve the same problem. Diversity can be implemented in software and hardware.

DIX Digital-Intel-Xerox.

DLC Data Link Control.

DLCI Data Link Connection Identifier (Frame Relay).

DLL Data Link Layer. A layer with the responsibility of transmitting data reliably across a physical link (cabling, for example) using a networking technology such as Ethernet. The DLL encapsulates data into frames (or cells) before it transmits it. It also enables multiple computer systems to share a single physical medium when used in conjunction with a media access control methodology such as CSMA/CD.

DLP Data Loss Prevention. A comprehensive approach (covering people, processes, and systems) of implementing policies and controls designed specifically to discover, monitor, and protect confidential data wherever it is stored, used, or in transit over the network and at the perimeter.

DME Durable Medical Equipment.

DMEPOS Durable Medical Equipment, Prosthetics, Orthotics, and Supplies.

DML Data Manipulation Language. A data manipulation language provides the necessary commands for all database operations, including storing, retrieving, updating, and deleting database records.

DMZ Demilitarized Zone. An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied. A host or network segment inserted as a “neutral zone” between an organization’s private network and the Internet. A perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.

DNA SCP Digital Network Architecture Session Control Protocol (DECnet).

DNIC Data Network Identification Code (X.25).

DNS Cache Poisoning Modifying data in a Domain Name System (DNS) server so that calls to particular websites or even entire domains are misdirected for fraudulent purposes.
DNS Domain Name System. The Domain Name System helps users to find their way around the Internet. Every computer on the Internet has a unique IP (Internet Protocol) address, just like a telephone number, which is a rather complicated string of numbers. The DNS makes using the Internet easier by allowing a familiar string of letters (e.g., www.google.com) to be used instead of the arcane IP address (e.g., 74.125.224.72).

DNSSEC Domain Name System Security Extensions. A technology that was developed to, among other things, protect against attacks such as DNS cache poisoning by digitally ‘signing’ data so you can be assured it is valid.

DoA Direction of Arrival. The electromagnetic waves arrive at the directional antenna and are received more readily from one direction than from another. The antenna needs to be aligned with the direction of arrival.

DOC Delivery-Only Client. A configuration of a client node that enables a DOA agent to access a primary services node (PRSN) to retrieve KMI products and access KMI services. A DOC consists of a client platform but does not include an AKP.

Document Any recorded information regardless of its physical form or characteristics, including, without limitation, written or printed material; data processing cards and tapes; maps; charts; paintings; drawings; engravings; sketches; working notes and papers; reproductions of such things by any means or process; and sound, voice, or electronic recordings in any form.

Documentation The written narrative of the development, workings, and operation of a program or system.

DOD Department of Defense.

DoD TCSEC DoD Trusted Computer System Evaluation Criteria. Document containing basic requirements and evaluation classes for assessing degrees of effectiveness of hardware and software security controls built into an IS. This document, DoD 5200.28-STD, is frequently referred to as the Orange Book.

DOI Domain of Interpretation. The DOI defines payload formats, the situation, exchange types, and naming conventions for certain information such as security policies, or cryptographic algorithms. It is also used to interpret the ISAKMP payloads.
Domain and Type Enforcement A confinement technique in which an attribute called a domain is associated with each subject and another attribute called a type is associated with each object. A matrix specifies whether a particular mode of access to objects of a type is granted or denied to subjects in a domain.

Domain Dimension The dimension dealing with the structural aspects of the system involving broad, static patterns of internal behavior.

Domain Hijacking An attack in which an attacker takes over a domain by first blocking access to the domain’s DNS server and then putting his own server up in its place.

Domain Name Domain names are used in Universal Resource Locators (URLs) to identify particular web pages or sites located on the Internet. For example, the domain name netsafe.org.nz represents the website for NetSafe. The ownership of a domain name can often be researched by performing a ‘Whois’ search (www.whois.net), allowing you to evaluate the length of time a website has been in existence and the people or company behind the site. A private or anonymous registration record or newly established site could indicate suspicious behaviour.

Domain A set of subjects, their information objects, and a common security policy. An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture.

DoS Attack Denial of Service Attack. An attack that attempts to disrupt the normal functioning of a website or web service. In a typical DoS attack, the attacker will overload a site’s server with requests for access far above the capacity of the site, meaning that legitimate requests cannot be processed.

DOS Disk Operating System. Software that controls the execution of programs and may provide system services such as resource allocation.

Downgrading The determination that particular classified information requires a lesser degree of protection or no protection against unauthorized disclosure than currently provided. Such determination shall be by specific action or automatically after lapse of the requisite period of time or the occurrence of a specified event. If such determination is by specific action, the material shall be so marked with the new designation.

Downlink Frequencies Frequencies used in the transmission link reaching from a satellite to the ground.

Download Transmission of data from a remote computer system onto a local computer system.

Downtime A period of time in which the computer is not available for operation.

Doxnet A fictional virus modeled after the Stuxnet virus. Like Stuxnet, Doxnet is able to damage physical infrastructure.
DPA (1) Differential Power Analysis. An analysis of the variations of the electrical power consumption of a cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to cryptographic keys used in a cryptographic algorithm.

DPA (2) Dynamically Phased Array. Type of radio antenna used in certain satellite and wireless communications. This small flat antenna mounts on the side of a building or on a rooftop. It has an array of chip-based radio receivers, which lock in on the target transmission frequency on a dynamic basis.

DPP Deep Packet Processing. Delivers the ability to inspect, forward, drop, clone, or even modify network traffic at line rates. With Deep Packet Processing and combinations of policies and/or programming, the lag time from inspection to action drops from minutes or hours, or worse, days, to milliseconds.

GPS Global Positioning System. Global Positioning System is a global navigation satellite system that is used in cars or phones to determine location and provide directions. A collection of 24 earth-orbiting satellites that continuously transmit radio signals to determine an object or target’s current longitude, latitude, speed, and direction of movement.

DPT Tests, depth.

DQDB Distributed Queue Dual Bus (SMDS).

DR Designated Router.

DRAM Dynamic Random Access Memory.

DRBG Deterministic Random Bit Generator. A Random Bit Generator (RBG) that includes a DRBG mechanism and (at least initially) has access to a source of entropy input. The DRBG produces a sequence of bits from a secret initial value called a seed, along with other possible inputs. A DRBG is often called a Pseudorandom Number (or Bit) Generator.

DRG Diagnosis Related Group.

Drive-by Downloads Drive-by downloads are downloads of software, adware, or malware that are either authorized by the user without understanding the consequences or downloaded without the knowledge of the user. This can occur by visiting nefarious websites, clicking on links in email, or clicking on a popup ad.

DRM Digital Rights Management. Focuses on security and encryption to prevent unauthorized copying and limit distribution to only those who pay. This is considered first-generation DRM.

Drop Accountability Procedure under which a COMSEC account custodian initially receipts for COMSEC material, and provides no further accounting for it to its central office of record. Local accountability of the COMSEC material may continue to be required.

DRP Disaster Recovery Plan. Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days.
DS-0 Digital Signal, level 0. A DS-0 is a voice-grade channel of 64 kbps.

DS-1 Digital Signal Level 1 (1.544 Mb).

DS-3 Digital Signal Level 3 (45 Mb).

DSA The Digital Signature Algorithm, a public key algorithm dedicated to digital signatures which was standardized by NIST. It is based on the same mathematical principles as Diffie-Hellman.

DSAP Destination Service Access Point (LLC).

DSE Data Switching Equipment.

DSL Digital Subscriber Line. A method for moving data over regular phone lines. A DSL circuit is much faster than a regular phone connection, and the wires coming into the subscriber's premises are the same (copper) wires used for regular phone service. A DSL circuit must be configured to connect two specific locations, similar to a leased line (however, a DSL circuit is not a leased line). A common configuration of DSL allows downloads at speeds of up to 1.544 megabits (not megabytes) per second, and uploads at speeds of 128 kilobits per second. This arrangement is called ADSL, Asymmetric Digital Subscriber Line. Another common configuration is symmetrical 384 kilobits per second in both directions.

DSMO Designated Standard Maintenance Organization.

DSR Data Set Ready.

DSS (1) Digital Subscriber Signaling System.

DSS (2) Digital Signature Standard. The National Security Administration’s standard for verifying an electronic message.

DSS (3) Decision Support System. A computer information system that helps executives and managers formulate policies and plans. This support system enables the users to access information and assess the likely consequences of their decisions through scenario projections.

DSS shell A set of programs that can be used for constructing a decision support system.

DSSA Distributed System Security Architecture; developed by Digital Equipment Corporation.

DSTU Draft Standard for Trial Use.

DSU Data Service Unit.

DAT Digital Audio Tape. A magnetic tape technology. DAT uses 4-mm cassettes capable of backing up anywhere between 26 and 126 bytes of information.

DTD Data Transfer Device. Fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key, designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems.

DTE (1) Data Terminal Equipment.

DTE (2) Domain and Type Enforcement.

DTLS Descriptive Top-Level Specification. A natural language description of a system’s security requirements, an informal design notation, or a combination of the two.

DTMF Dual Tone Multifrequency. A term describing push button or touch-tone dialing. When you push a button, it makes a tone that is actually a combination of two tones, one high frequency and one low frequency.

DTR Data Terminal Ready.

Dual Control A procedure that uses two or more entities (usually persons) operating in concert to protect a system resource, such that no single entity acting alone can access that resource.

DUAL Diffusing Update Algorithm.
Dual-Use Certificate A certificate that is intended for use with both digital signature and data encryption services.

Due Care The level of care expected from a reasonable person of similar competency under similar conditions. Managers and their organizations have a duty to provide for information security to ensure that the type of control, the cost of control, and the deployment of control are appropriate for the system being managed.

Due Diligence The performance of those actions that are generally regarded as prudent, responsible and necessary to conduct a thorough and objective investigation, review and/or analysis.

Dumb Terminal A device used to interact directly with the end user where all data is processed on a remote computer. A dumb terminal only gathers and displays data; it has no processing capability.

Dump The contents of a file or memory that are output as listings. These listings can be formatted.

Dumpster Diving A method of obtaining proprietary, confidential or useful information by searching through trash discarded by a target. Recovering files, letters, memos, photographs, IDs, passwords, checks, account statements, credit card offers and more from garbage cans and recycling bins. This information can then be used to commit identity theft.

Duplex Communications systems or equipment that can simultaneously carry information in both directions between two points. Also used to describe redundant equipment configurations (e.g., duplexed processors).

Duplicate Digital Evidence A duplicate is an accurate digital reproduction of all data objects contained on the original physical item and associated media.

Duration A field within a certificate that is composed of two subfields: “date of issue” and “date of next issue.”

Dynamic Analysis Exercising the system being assessed through actual execution; includes exercising the system functionally (traditional testing) and logically through techniques such as failure assertion, structural testing, and statistical-based testing. Major system components have to have been built before dynamic analysis can be performed.

Dynamic Attack Surface The automated, on-the-fly changes of an information system’s characteristics to thwart actions of an adversary.
Dynamic Binding The responsibility for executing an action on an object resides within the object itself. The same message can elicit a different response depending upon the receiver.

Dynamic Dimension The dimension concerned with the nonstatic, process-related properties of the system.

Dynamic Ports Dynamic and/or private ports, 49152 through 65535. Not listed by IANA because of their dynamic nature.

Dynamic Processing The technique of swapping jobs in and out of computer memory. This technique can be controlled by the assignment priority and the number of time slices allocated to each job.

Dynamic Subsystem A subsystem that is not continually present during the execution phase of an information system. Service-oriented architectures and cloud computing architectures are examples of architectures that employ dynamic subsystems.

EA (1) Electronic Attack. Use of EM or Directed Energy to attack personnel, facilities or equipment to destroy/degrade combat capability.

EA (2) Enterprise Architecture. The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise's boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.

EAI Middleware Enterprise Application Integration Middleware. Allows organizations to develop different levels of integration from the information level to the business process level.

EAI Enterprise Application Integration. The process of developing an IT infrastructure that enables employees to implement new or changing business processes.

EAL Evaluation Assurance Level. Set of assurance requirements that represent a point on the Common Criteria predefined assurance scale.

EAP Extensible Authentication Protocol.
Early Token Release Technique used in Token Ring networks that allows a station to release a new token onto the ring immediately after transmitting, instead of waiting for the first frame to return. This feature can increase the total bandwidth on the ring.

Earth Stations Ground terminals that use antennas and other related electronic equipment designed to transmit, receive, and process satellite communications.

Ease Amount of time and skill level required to either penetrate or restore function. Measures the degree of difficulty.

Easter Egg Hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes is entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening.

E-Authentication Electronic Authentication. The process of establishing confidence in user identities electronically presented to an information system.

Eavesdropping Attack An attack in which an Attacker listens passively to the authentication protocol to capture information which can be used in a subsequent active attack to masquerade as the Claimant.

Eavesdropping The unauthorized interception of information-bearing emanations through methods other than wiretapping.

EB Exabyte. An exabyte is 1,152,921,504,606,846,976 (2^60) bytes, 1,024 petabytes, or 1,048,576 terabytes.

EBCDIC Extended Binary-Coded Decimal Interchange Code. A data representation and code system based on the use of an 8-bit byte.

EBGP Exterior Border Gateway Protocol.

EBPP Electronic Bill Presentation and Payment. A system that sends people their bills over the Internet and gives them an easy way to pay.

E-Business Electronic Business. Doing business online.

ebXML Electronic business XML. A set of technical specifications for business documents built around XML designed to permit enterprises of any size and in any geographical location to conduct business over the Internet.

EC Electronic commerce.
ECC Elliptic Curve Cryptography. An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily use algebraic factoring. Smaller keys are more suitable to mobile devices.

Echo Hiding Relies on limitations in the human auditory system by embedding data in a cover audio signal. Using changes in delay and relative amplitude, two types of echoes are created, which allows for the encoding of ones and zeros.

Echo The display of characters on a terminal output device as they are entered into the system.

Ecological Dimension The dimension dealing with the interface properties of a system; inflow and outflow of forces in a system.

E-commerce The processes by which enterprises conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. E-commerce encompasses both business-to-business (B2B) and business-to-consumer (B2C) e-commerce models, but does not include existing non-Internet e-commerce methods based on private networks such as electronic data interchange (EDI) and Society for Worldwide Interbank Financial Telecommunication (SWIFT).

Economy Scalable system packages ease the application of economy. Space, weight, or time constraints limit the quantity or capability of systems that can be deployed. Information requirements must be satisfied by consolidating similar functional facilities, integrating commercial systems into tactical information works, or accessing a different information system.

ECR Electronic Cash Register. A device that registers and calculates transactions and may print out receipts, but does not accept customer card payments.

ECU End Cryptographic Unit. Device that (1) performs cryptographic functions, (2) typically is part of a larger system for which the device provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest level of identifiable component with which a management transaction can be conducted.

EDI Translator A software tool for accepting an EDI transmission and converting the data into another format, or for converting a non-EDI data file into an EDI format for transmission.

EDI Electronic Data Interchange. A process whereby such specially formatted documents as an invoice can be transmitted from one organization to another. A system allowing for intercorporate commerce by the automated electronic exchange of structured business information.

EDIFACT United Nations Rules for Electronic Data Interchange for Administration, Commerce, and Transport (UN/EDIFACT).

Edit The process of inspecting a data field or element to verify the correctness of its content.

EDP Auditor A professional whose responsibility is to certify the validity, reliability, and integrity of all aspects of the computer information system environment of an organization, a.k.a. IS auditor, CIS auditor, or IT auditor.
Education and Training The cybersecurity work where a person conducts training of personnel within the pertinent subject domain; develops, plans, coordinates, delivers, and/or evaluates training courses, methods, and techniques as appropriate.

Education IT security education focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession. Education activities include research and development to keep pace with changing technologies and threats.

Educational Technology The study and ethical practice of facilitating learning and improving performance by creating, using and managing appropriate technological processes and resources. The term is often associated with, and encompasses, instructional theory and learning theory.

EEPROM Electrically Erasable Programmable Read-Only Memory.

EW Electronic Warfare.

Effectiveness Efficiency, potency, or capability of an act in producing a desired (or undesired) result. The power of the protection or the attack.

Efficiency Capability, competency, or productivity. The efficiency of an act is a measure of the work required to achieve a desired result.

EFT Electronic Funds Transfer. The process of moving money between accounts via computer.

E-Government The use by government agencies of Web-based Internet applications and other information technology.

EGP Exterior Gateway Protocol.

Egress Filtering Filtering of outgoing network traffic.

Egress Network communications going out.

EIA Electronic Industries Association.

EIGRP Enhanced Interior Gateway Routing Protocol.

EIN Employer Identification Number.

Einstein A program administered by the Department of Homeland Security’s US-CERT that provides an automated intrusion detection system designed to block unauthorized network traffic from entering government websites. The program provides a process for collecting, correlating, analyzing, and sharing computer security information across the federal government to improve the nation’s situational awareness. US-CERT has deployed two generations of Einstein programs and is currently developing Einstein 3.

EIP Enterprise Information Portal. Allows knowledge workers to access company information via a Web interface.

EIS Executive Information System. A very interactive IT system that allows the user to first view highly summarized information and then choose how to see greater detail, which may be an alert to potential problems or opportunities.
EKMS Electronic Key Management System. Interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material.

Electromagnetic Emanations Signals transmitted as radiation through the air or conductors.

Electron A light, subatomic particle that carries a negative charge.

Electronic Bulletin Board An application program that lets users contribute messages via e-mail that can be routed or shared with users.

Electronic Catalog Designed to present products to customers via the Internet.

Electronic Code Book mode An encryption mode for block ciphers that is more or less a direct use of the underlying block cipher. The only difference is that a message is padded out to a multiple of the block length. This mode should not be used under any circumstances.

Electronic Commerce A broad concept that covers any trade or commercial transaction that is effected via electronic means; this would include such means as facsimile, telex, EDI, Internet, and the telephone. For the purpose of this book the term is limited to those commercial transactions involving computer-to-computer communications whether utilizing an open or closed network.

Electronic Countermeasure That division of Electronic Warfare involving actions taken to prevent or reduce an enemy's effective use of the electromagnetic spectrum, through the use of electromagnetic energy. There are three sub-divisions of ECM: Electronic Jamming, Electronic Deception and Electronic Neutralization.

Electronic Credentials Digital documents used in authentication that bind an identity or an attribute to a subscriber's token.

Electronic Data Vaulting Electronic vaulting protects information from loss by providing automatic and transparent backup of valuable data over high-speed phone lines to a secure facility.

Electronic Document File A magnetic storage area that contains electronic images of papers and other communications documents.

Electronic Evidence Information and data of investigative value that is stored on or transmitted by an electronic device.

Electronic Frontier Foundation A foundation established to address social and legal issues arising from the impact on society of the increasingly pervasive use of computers as the means of communication and information distribution.

Electronic Infections Often called “viruses,” these malicious programs and codes harm your computer and compromise your privacy. In addition to the traditional viruses, other common types include worms and Trojan horses. They sometimes work in tandem to do maximum damage.

Electronic Job Market Consists of employers using the Internet to advertise for and screen potential employees.

Electronic Journal A computerized log file summarizing, in chronological sequence, the processing activities and events performed by a system. The log file is usually maintained on magnetic storage media.
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Electronic Key Entry The entry of cryptographic keys into a cryptographic module using 
electronic methods such as a smart card or a key-loading device. (The operator of the key may have no 


knowledge of the value of the key being entered.) 
Electronic Mail Formal or informal communications electronically transmitted or delivered. 


Electronic Messaging Services Services providing interpersonal messaging capability; meeting specific 
functional, management, and technical requirements; and yielding a business-quality electronic mail service 


suitable for the conduct of official government business. 


Electronic Office An office that relies on word processing, computer systems, and communications 


technologies to support its operations. 


Electronic Portfolio Collection of Web documents used to support a stated purpose such as 


writing skills. 


Electronic Signature Any technique designed to provide the electronic equivalent of a 
handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an 


example of electronic signatures. 
P gs 


Electronic Warfare Support That division of EW involving actions tasked by, or under direct control of, an operational commander to search for, intercept, identify, and locate sources of intentional and unintentional radiated electromagnetic energy for the purpose of immediate threat recognition. Thus, electronic warfare support provides information required for immediate decisions involving EW operations and other tactical actions such as threat avoidance, targeting and homing. ES data can be used to produce signals intelligence.

Electronic Warfare Any military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy. The three major subdivisions within electronic warfare are electronic attack, electronic protection, and electronic warfare support.

Electronically Generated Key Key generated in a COMSEC device by introducing (either mechanically or electronically) a seed key into the device and then using the seed, together with a software algorithm stored in the device, to produce the desired key.

Electronically Stored Information Email and other electronic communication, word processing documents, spreadsheets, graphs, charts, presentations, databases, calendars, telephone records and voice mail, Internet data, networks and network access information, computer systems, including legacy systems (hardware and software), servers, archives, backup or disaster recovery systems, tapes, discs, drives, cartridges and other storage media, including but not limited to CDs, DVDs, external hard drives, thumb drives and floppy discs, laptops, desktops, personal digital assistants ("PDAs"), handheld wireless devices, mobile telephones, paging devices and audio systems.

Element Management Functions A set of functions for management of network elements on an individual basis. These are basically the same functions as those supported by the corresponding local terminals.

Element Manager Provides a package of end-user functions for management of a set of closely related types of network elements.

Email / E-mail Electronic Mail.

Email Ingest Automated Email Ingest feature allows users to create structured, actionable threat intelligence with ease from emails originating from trusted sources and sharing partners or from suspected spearphishing emails.

Email Software Enables people to electronically communicate with other people by sending and receiving e-mail.

Email Electronic mail.

Embedded Computer Computer system that is an integral part of a larger system.

Embedded Cryptographic System Cryptosystem performing or controlling a function as an integral element of a larger system or subsystem.

Embedded Cryptography Cryptography engineered into equipment or system whose basic function is not cryptographic.

Embedded Message In steganography, it is the hidden message that is to be put into the cover medium.

Embedding To cause to be an integral part of a surrounding whole. In steganography and watermarking, embedding refers to the process of inserting the hidden message into the cover medium.

EMC (1) Electromagnetic Conductance.

EMC (2) Electronic Media Claims. This term usually refers to a flat file format used to transmit or transport claims, such as the 192-byte UB-92 Institutional EMC format and the 320-byte Professional EMC NSF.

EME-OAEP Padding A padding scheme for public key cryptography that uses a “random” value generated using a cryptographic hash function, in order to prevent particular types of attacks against RSA.

EMF Electromagnetic Field.

EMI Electromagnetic Interference. Electromagnetic waves emitted by a device.

EMP Electromagnetic Pulse.

EMR Electronic Medical Record.

EMSEC Emanations Security. Protection resulting from measures taken to deny unauthorized individuals information derived from intercept and analysis of compromising emissions from crypto-equipment or an information system.

EMSEC Emission Security. The protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from intercept and from an analysis of compromising emanations from systems.

Encapsulated Security Payload An IPsec protocol that provides confidentiality, data origin authentication, data integrity services, tunneling, and protection from replay attacks.

Encapsulated Subsystem A collection of procedures and data objects that is protected in a domain of its own so that the internal structure of a data object is accessible only to the procedures of the encapsulated subsystem and that those procedures may be called only at designated domain entry points. Encapsulated subsystem, protected subsystem and protected mechanisms of the TCB are terms that may be used interchangeably.

Encapsulation The technique used by layered protocols in which a layer adds header information to the protocol data unit (PDU) from the layer above.

Encipher The process of converting plaintext into unintelligible form by means of a cipher system.

Encipherment The cryptographic transformation of data to produce ciphertext.

Enclave Boundary Point at which an enclave’s internal network service layer connects to an external network's service layer, i.e., to another enclave or to a Wide Area Network (WAN).

Enclave An environment that is under the control of a single authority and has a homogeneous security policy, including personnel and physical security. Local and remote elements that access resources within an enclave must satisfy the policy of the enclave. Enclaves can be specific to an organization or a mission and may also contain multiple networks. They may be logical, such as an operational area network (OAN), or be based on physical location and proximity.

Encode To convert plaintext to ciphertext by means of a code.

Encoding The process of converting data into code or analog voice into a digital signal.

Encrypt/Encipher/Encode Encryption is the transformation of information into a form that is impossible to read unless you have a specific piece of information, which is usually referred to as the “key.” The purpose is to keep information private from those who are not intended to have access to it. To encrypt is essentially about making information confusing and hiding the meaning of it.

Encrypted Key A cryptographic key that has been encrypted using an Approved security function with a key encrypting key, a PIN, or a password in order to disguise the value of the underlying plaintext key.

Encrypted Network A network on which messages are encrypted (e.g., using DES, AES, or other appropriate algorithms) to prevent reading by unauthorized parties.

Encrypted Text Data which is encoded into an unclassified form using a nationally accepted form of encoding.

Encrypted The method of transforming data into a form that conceals its original meaning in order to prevent it from being known or used by others.

Encryption Algorithm A set of mathematically expressed rules for encoding information, thereby rendering it unintelligible to those who do not have the algorithm decoding key.

Encryption Certificate A certificate containing a public key that can encrypt or decrypt electronic messages, files, documents, or data transmissions, or establish or exchange a session key for these same purposes. Key management sometimes refers to the process of storing protecting and escrowing

Encryption Key A special mathematical code that allows encryption hardware/software to encode and then decipher an encrypted message.

Encryption Encryption is the translation of data into a secret code, and is used to maintain the security of Internet transmissions and system data. Users must have access to special passwords called keys to encrypt the message and then to decrypt it -- turn it back into plain text. Encryption may be symmetric, where the same key is used to encrypt and decrypt, or asymmetric, where a private key and a public key are both needed to communicate. In asymmetric encryption, private and public keys are made to serve opposite functions. If the private key is used to encrypt the message, the public key is used to decrypt, and vice versa. In addition to DES, encryption standards include RSA's RC4, or the more internationally popular IDEA algorithm. The most commonly used type of encryption, the short form of RSA keys, consists of 512 bits. Longer keys, such as 1,024-bit, are used to protect sensitive military, banking and other data.

Encrypt-Then-Authenticate When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one encrypts the plaintext, then MACs the ciphertext. This paradigm has theoretically appealing properties and is recommended to use in practice.

End Entity An End Entity can be considered as an end-user, a device such as a router or a server, a process, or anything that can be identified in the subject name of a public key certificate. End Entities can also be thought of as consumers of the PKI-related services.

End System An OSI system that contains application processes capable of communication through all seven layers of OSI protocols. Equivalent to Internet host.

Endianness The byte ordering scheme that a machine uses (usually either little endian or big endian).

End-Item Accounting Accounting for all the accountable components of a COMSEC equipment configuration by a single short title.

End-of-Life All software products have life cycles. End-of-life refers to the date when a software development company no longer provides automatic fixes, updates, or online technical assistance for the product.

Endorsed Cryptographic Products List A list of products that provide electronic cryptographic coding (encrypting) and decoding (decrypting), and which have been endorsed for use for classified or sensitive unclassified U.S. government or government-derived information during its transmission.

Endorsed TEMPEST Products List A list of commercially developed and commercially produced TEMPEST telecommunications equipment that NSA has endorsed, under the auspices of the NSA Endorsed TEMPEST Products Program, for use by government entities and their contractors to process classified U.S. government information.

Endpoint Security In network security, endpoint security refers to security controls that validate the security compliance of the client system that is attempting to use the Secure Sockets Layer (SSL) virtual private networks (VPN). Endpoint security controls also include security protection mechanisms, such as Web browser cache cleaners, that remove sensitive information from client systems.

End-to-End Encipherment Encipherment of data within or at the source end system, with the corresponding decipherment occurring only within or at the destination end system.

End-to-End Encryption Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible. Encryption of information at its origin and decryption at its intended destination without intermediate decryption.

End-to-End Security Safeguarding information in an information system from point of origin to point of destination.

Enrollment Manager The management role that is responsible for assigning user identities to management and non-management roles.

Enrollment The initial process of collecting biometric data from a user and then storing it in a template for later comparison.

Enterprise Network The configuration of computer systems within an organization. Includes local area networks (LAN), wide area networks (WAN), bridges, and applications.

Enterprise Risk Management A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary.

Enterprise Root A certificate authority (CA) that grants itself a certificate and creates subordinate CAs. The root CA gives the subordinate CAs their certificates, but the subordinate CAs can grant certificates to users.

Enterprise Service A set of one or more computer applications and middleware systems hosted on computer hardware that provides standard information systems capabilities to end users and hosted mission applications and services.

Enterprise Software A suite of software that includes (1) a set of common business applications; (2) tools for modeling how the organization works; and (3) development tools for building applications unique to the organization.

Enterprise An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management.

Enterprise-Wide An entire organization, rather than a single line of business or function.

Entity Barrier A product or service feature that customers have come to expect from companies.

Entity Class A concept, typically people, places, or things, about which information can be stored and then identified with a unique key called the primary key.

Entity Any participant in an authentication exchange; such a participant may be human or nonhuman, and may take the role of a claimant and/or verifier.

Entity-Relationship (ER) Diagram A graphic method of representing entity classes and their relationships.

Entrapment The deliberate planting of apparent flaws in a system to invite penetrations.

Entropy Gathering Daemon A substitute for /dev/random; a tool used for entropy harvesting.

Entropy Harvester A piece of software responsible for gathering entropy from a machine and distilling it into small pieces of high entropy data. Often an entropy harvester will produce a seed for a cryptographic pseudo-random number generator.

Entropy A measure of the amount of uncertainty that an Attacker faces to determine the value of a secret. Entropy is usually stated in bits.

Environment of Operation The physical surroundings in which an information system processes, stores, and transmits information. The physical, technical, and organizational setting in which an information system operates, including but not limited to missions/business functions; mission/business processes; threat space; vulnerabilities; enterprise and information security architectures; personnel; facilities; supply chain relationships; information technologies; organizational governance and culture; acquisition and procurement processes; organizational policies and procedures; organizational assumptions, constraints, risk tolerance, and priorities/trade-offs.

Environment The aggregate of procedures, conditions, and objects that affects the development, operation, and maintenance of a system. Environment is often used with qualifiers such as computing environment, application environment, or threat environment, which limit the scope being considered.

EOB Explanation of Benefits.

EOMB Explanation of Medicare Benefits, Explanation of Medicaid Benefits, or Explanation of Member Benefits.

EOT End of Transmission.

EP Electronic Protect. Actions to protect personnel, facilities and equipment from enemy/friendly EW that degrade or destroy own-force combat capability.

Ephemeral Key A cryptographic key that is generated for each execution of a key establishment process and that meets other requirements of the key type (e.g., unique to each message or session). In some cases, ephemeral keys are used more than once within a single session (e.g., broadcast applications) where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient’s public key.

EPL Evaluated Products List. A list of equipments, hardware, software, and firmware that have been evaluated against, and found to be technically compliant, at a particular level of trust, with the DoD TCSEC by the NCSC. The EPL is included in the National Security Agency Information Systems Security Products and Services Catalogue, which is available through the Government Printing Office.

EPP Endpoint Protection.

EPROM Erasable programmable read-only memory.

EPSDT Early and Periodic Screening, Diagnosis, and Treatment.

ERA Electronic Remittance Advice.

Eradication When containment measures have been deployed after an incident occurs, the root cause of the incident must be identified and removed from the network. Eradication methods include restoring backups to achieve a clean state of the system, removing the root cause, improving defenses and performing vulnerability analysis to find further potential damage from the same root cause.

Erasable Programmable Read-Only Memory (EPROM) A memory chip that can have its circuit logic erased and reprogrammed.

Erasure Process intended to render magnetically stored information irretrievable by normal means.

ERISA The Employee Retirement Income Security Act of 1974.

ERP Enterprise Resource Planning. The method of getting and keeping an overview of every part of the business, so that production and selling of goods and services will be coordinated to contribute to the company’s goals.

Error Detection Code A code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data.

Error of Commission An error that results from making a mistake or doing something wrong.

Error of Omission An error that results from something that was not done.

Error Rate A measure of the quality of circuits or equipment. The ratio of erroneously transmitted information to the total sent (generally computed per million characters sent).

Error The difference between a computed, observed, or measured value or condition and the true, specified, or theoretically correct value or condition.

Escrow Something (e.g., a document, an encryption key) that is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition."

eSecurity Internet security, cybersecurity.

ESF Extended Super Frame, refers to a T1 framing standard that includes 24 frames of 192 bits each. ESF helps to extend D4 super frame from 12 frames to 24 frames. Also, the 193rd bit location is redefined by ESF to add increased efficiency, such as timing and other similar functions. ESF is more useful when compared with its predecessor super frame, because ESF enables facility data link communications and cyclical redundancy check (CRC) error detection. ESF significantly enhances customer service values by creating real-time metrics about efficiency, and network health and performance. ESF is sometimes referred to as DS framing.

ESI Electronically Stored Information.

ESP Encapsulation Security Payload. A protocol designed to provide a mix of security services in IPv4 and IPv6. ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and (limited) traffic flow confidentiality. The ESP header is inserted after the IP header and before the next layer protocol header (transport mode) or before an encapsulated IP header (tunnel mode).

Espionage The practice or employment of spies; the practice of watching the words and conduct of others, to make discoveries, as spies or secret emissaries; secret watching. This category of computer crime includes international spies and their contractors who steal secrets from defense, academic, and laboratory research facility computer systems. It includes criminals who steal information and intelligence from law enforcement computers, and industrial espionage agents who operate for competitive companies or for foreign governments who are willing to pay for the information. What has generally been known as industrial espionage is now being called competitive intelligence. A lot of information can be gained through “open source” collection and analysis without ever having to break into a competitor’s computer. This information gathering is also competitive intelligence, although it is not as ethically questionable as other techniques.

ET Exchange Termination.

E-tailer An Internet retail site.

ETC User data protection export to outside TSF control.

ETDR Endpoint Threat Detection and Response.

Ethernet Card The most common type of network interface card.

Ethernet Technology The most common technology for connecting computers together in a network.

Ethernet A LAN technology that is in wide use today utilizing CSMA/CD (Carrier Sense Multiple Access/Collision Detection) to control access to the physical medium (usually a category 5 Ethernet cable). Normal throughput speeds for Ethernet are 10 Mbps, 100 Mbps, and 1 Gbps.

Ethical Hacker A computer security professional who is hired by a company to break into its computer system.

Ethics The principles and standards that guide people’s behavior towards others.

ETSI European Telecommunication Standards Institute.

Euclidean Algorithm An algorithm that computes the greatest common divisor of any two numbers.

EULA End User License Agreement. A contract between you and your software’s vendor or developer. Many times, the EULA is presented as a dialog box that appears the first time you open the software and forces you to check “I accept” before you can proceed. Before accepting, though, read through it and make sure you understand and are comfortable with the terms of the agreement. If the software’s EULA is hard to understand or you can’t find it, beware!

Evaluated Systems Refers to operating systems, networks or databases that, either separately or together, have been evaluated against a security standard defined by the US Department of Defense in a book called the Orange Book, technically known as the Trusted Computer Systems Evaluation Criteria (TCSEC). The TCSEC defines a hierarchy of various levels of security functionality and assurance criteria. Progression up the hierarchy involves the addition of security functionality and more stringent assurance criteria to enable users to place progressively more trust in the higher rated systems. The complementary effort in Europe is called the ITSEC (Information Technology Security Evaluation Criteria).

Evaluation and Validation Scheme An IT security evaluation facility, accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) and approved by the NIAP Oversight Body to conduct CC-based evaluations.

Evaluation Criteria IT Security Evaluation Criteria.

Evaluation Methodology IT Security Evaluation Methodology.

Evaluation The inspection and testing of specific hardware and software products against accepted Information Assurance/Information Security standards.

EVC Endpoint Visibility and Control.

Event An observable occurrence in an information system or network. Sometimes provides an indication that an incident is occurring or at least raises the suspicion that an incident may be occurring.

Evidence (1) Information that proves or disproves a stated issue. (2) Information that an auditor gathers in the course of performing an IS audit; relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

Evil Twins A fake wireless Internet hot spot that looks like a legitimate service. When victims connect to the wireless network, a hacker can launch a spying attack on their transactions on the Internet, or just ask for credit card information in the standard pay-for-access deal.

Evolution Checking Testing to ensure the completeness and consistency of a software product at different levels of specification when that product is a refinement or elaboration of another.

Evolutionary Program Strategies Generally characterized by design, development, and deployment of a preliminary capability that includes provisions for the evolutionary addition of future functionality and changes, as requirements are further defined.

Examination A technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data.

Examine A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control effectiveness over time.

Exception Report A manager report that highlights abnormal business conditions. Usually, such reports prompt management action or inquiry.

Exchange Authentication Information Information exchanged between a claimant and a verifier during the process of authenticating a principal.

Exchange Type Exchange type defines the number of messages in an ISAKMP exchange and the ordering of the used payload types for each of these messages. Through this arrangement of messages and payloads, security services are provided by the exchange type.

Exclusion Intentionally excluding someone from a group or invitation.

Exculpatory Evidence Evidence that tends to decrease the likelihood of fault or guilt.

Executable File A file that is in a format the computer can directly execute, as opposed to source files, which are created by and for the user. Executable files are essential to running your computer, but can also do it harm. Spyware programs often include executable files that can operate without your knowledge.

Executive Agency An executive department specified in 5 United States Code (U.S.C.), Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.

Exercise Key Cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises.

Exfiltration The unauthorized removal of data or files from a system by an intruder.

Expand To increase in extent, number, volume, or scope.

Expandability Refers to how easy it is to add features or functions to a system.

Expansion Bus Moves information from the CPU and RAM to all other hardware devices such as a microphone or printer.

Expansion Card A circuit board that is inserted into an expansion slot.

Expansion Slot A long skinny pocket on the motherboard into which an expansion card can be inserted.

Expected Output Any data collected from monitoring and assessments as part of the Information Security Continuous Monitoring (ISCM) strategy.

Expert System Knowledge-Based System. The application of computer-based artificial intelligence in areas of specialized knowledge.

Explanation Module The part of an expert system where the “why” information, supplied by the domain expert, is stored to be accessed by knowledge workers who want to know why the expert system asked a question or reached a conclusion.

Exploit Code A program that allows attackers to automatically break into a system.

Exploit A technique or code that uses a vulnerability to provide system access to the attacker. An exploit is an intentional attack to impact an operating system or application program.

Exploitable Channel The channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base.

Exploitation Analysis The cybersecurity work where a person analyzes collected information to identify vulnerabilities and potential for exploitation.

Exposure The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.

Extended Euclidean Algorithm An algorithm used to compute the inverse of a number modulo “some other number.”

Extensibility A property of software such that new kinds of object or functionality can be added to it with little or no effect to the existing system.

Extensible Authentication Protocol An IETF standard means of extending authentication protocols, such as CHAP and PAP, to include additional authentication data; for example, biometric data.

External Certificate Authority An agent that is trusted and authorized to issue certificates to approved vendors and contractors for the purpose of enabling secure interoperability with DoD entities. Operating requirements for ECAs must be approved by the DoD CIO, in coordination with the DoD Comptroller and the DoD General Counsel.

External Connections An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.

External Information System Service Provider A provider of external information system services to an organization through a variety of consumer-producer relationships, including but not limited to joint ventures; business partnerships; outsourcing arrangements (i.e. through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges.

External Information System Service An information system service that is implemented outside of the authorization boundary of the organizational information system (i.e., a service that is used by, but not a part of, the organizational information system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.

External Information System An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.

External Information Describes the environment surrounding the organization. 

External Network A network not controlled by the organization. 

External Security Testing Security testing conducted from outside the organization's security perimeter.

Extraction Engine Smart software with a vocabulary of job-related skills that allows it to recognize and catalog terms in a scannable resume.

Extraction Resistance Capability of crypto-equipment or secure telecommunications equipment to resist efforts to extract key.

Extranet A private network that uses Web technology, permitting the sharing of portions of an enterprise's information or operations with suppliers, vendors, partners, customers, or other enterprises.
Fading Signal disruption caused by multipath signals and heavy rains.

Fail Operational The system must continue to provide some degree of service if it is not to be hazardous; it cannot simply shut down. An aircraft flight control system is an example.

Fail Safe The automatic termination and protection of programs or other processing operations when a hardware, software, or firmware failure is detected in a computer system.

Fail Safe/Secure (1) A design wherein the component/system, should it fail, will fail to a safe/secure condition. (2) The system can be brought to a safe/secure condition or state by shutting it down; for example, the shutdown of a nuclear reactor by a monitoring and protection system. Note that "safe" and "secure" can pull in opposite directions: a door lock that fails open is fail-safe for the people inside but not fail-secure for the assets behind it, so the design must state which property takes precedence.

Fail Soft The selective termination of nonessential processing affected by a hardware, software, or firmware failure in a computer system.


Failed State A failed state is a state perceived as having failed at some of the basic conditions and responsibilities of a sovereign government. There is no general consensus on the definition of a failed state. The definition according to the Fund for Peace is often used to characterize a failed state: loss of control of its territory, or of the monopoly on the legitimate use of physical force therein; erosion of legitimate authority to make collective decisions; an inability to provide public services; and an inability to interact with other states as a full member of the international community.


Failover The capability to switch over automatically (typically without human intervention or warning) to a redundant or standby information system upon the failure or abnormal termination of the previously active system.

Failure Access Unauthorized and usually inadvertent access to data resulting from a hardware, software, or firmware failure in the computer system.

Failure Control The methodology used to detect and provide fail-safe or fail-soft recovery from hardware, software, or firmware failure in a computer system.

Failure Minimization Actions designed or programmed to reduce failure possibilities to the lowest rates possible.

Failure The inability of a system or component to perform its required functions within specified performance requirements. Three categories of failure are commonly recognized: (1) incipient failures are failures that are about to occur; (2) hard failures are failures that result in a complete shutdown of a system; and (3) soft failures are failures that result in a transition to degraded-mode operations or a fail operational status.
Fair Use Doctrine Allows the use of copyrighted material in certain situations.

Fallback Procedures Predefined operations (manual or automatic) invoked when a fault or failure is detected in a system.

Fall-Through Logic Predicting which way a program will branch when an option is presented; code optimized on the basis of such a branch prediction.


False Acceptance When a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity. In biometrics, the instance of a security system incorrectly verifying or identifying an unauthorized person. It typically is considered the most serious of biometric security errors, as it gives unauthorized users access to systems that are expressly trying to keep them out.

False Positives A false positive is normal behavior that is flagged as anomalous or possibly malicious. Too many false positives can drown out true alerts.

False Rejection In biometrics, the instance of a security system failing to verify or identify an authorized person. It does not necessarily indicate a flaw in the biometric system; for example, in a fingerprint-based system, an incorrectly aligned finger on the scanner or dirt on the scanner can result in the scanner misreading the fingerprint, causing a false rejection of the authorized user.

FAR False Acceptance Rate. The probability that a biometric system will incorrectly identify an individual or will fail to reject an impostor. The rate given normally assumes passive impostor attempts (no deliberate spoofing). The measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. A system's false acceptance rate typically is stated as the ratio of the number of false acceptances divided by the number of impostor identification attempts.


Fast Ethernet Any of a number of 100-Mbps Ethernet specifications. Fast Ethernet offers a speed increase ten times that of the 10BaseT Ethernet specification, while preserving such qualities as frame format, MAC mechanisms, and MTU. Such similarities allow the use of existing 10BaseT applications and network management tools on Fast Ethernet networks. Based on an extension to the IEEE 802.3 specification. Compare with Ethernet.


Fast Flux Botnets Botnets employ fast flux techniques to hide the specific hosts involved in their phishing schemes: the DNS records for the phishing domain are changed rapidly, with very short TTLs, so that the name resolves to an ever-changing pool of compromised hosts that relay traffic to the real back end. A fast-flux domain name service thus enables bots to utilize a shifting number of compromised hosts.

Fault Line Attack A fault line attack uses weaknesses between interfaces of systems to exploit gaps in coverage.

Fault Tolerance Built-in capability of a system to provide continued correct execution in the presence of a limited number of hardware or software faults.

Fault (1) A defect that results in an incorrect step, process, data value, or mode/state. (2) A weakness of the system that allows circumventing protective controls.


FBI Federal Bureau of Investigation.

FC Frame Control (Token Ring).

FCC Federal Communications Commission.

FCO Communication functional class.

FCPA Foreign Corrupt Practices Act.

FCS Frame check sequence.

FD Feasible Distance (EIGRP).

FDA Food and Drug Administration.

FDD Floppy Disk Drive.

FDDI Fiber Distributed Data Interface. This is a Token Ring type of technology that utilizes encoded light pulses transmitted via fiber optic cabling for communications between computer systems. It supports a data rate of 100 Mbps and is more likely to be used as a LAN backbone between servers. It has redundancy built in, so that if a link or station on the ring fails, there is an alternate path for the light signals to take to keep the network up.


FDE Full Disk Encryption. The process of encrypting all the data on the hard disk drive used to boot a computer, including the computer's operating system, and permitting access to the data only after successful authentication with the full disk encryption product. FDE protects data at rest only: once the system has booted and the disk is unlocked, the data is available to any process running on it.

FDM Frequency Division Multiplexing. An older technique in which the available transmission bandwidth of a circuit is divided by frequency into narrow bands, each used for a separate voice or data transmission channel, so that many conversations can be carried on one circuit.

FDMA Frequency Division Multiple Access. FDMA is the allocation of specific channels within a defined radio frequency bandwidth to carry a specific user's information. FDMA is a mature, reliable method of RF communication, but requires more spectrum than competing technologies to deliver its payload.

FDP User data protection functional class.

FDR Field Definition Record. A record of field definition. A list of the attributes that define the type of information that can be entered into a data field.

FDX Full-Duplex. A communications mode that allows the communications channel to transmit and receive signals simultaneously.


Feasibility Study An investigation of the legal, political, social, operational, technical, economic, and psychological effects of developing and implementing a system.

Feature Analysis The step of automatic speech recognition (ASR) in which the system captures the user's words as spoken into a microphone, eliminates any background noise, and converts the digital signals of speech into phonemes.

Feature Creep Occurs when developers add extra features that were not part of the initial requirements.

FECN Forward explicit congestion notification.

FEDI Financial EDI. The use of EDI for payments.


Feistel Network A block cipher structure in which each block is split into two halves; in every round a key-dependent round function is applied to one half and the result is XORed into the other half, after which the halves are swapped. Because each round is invertible regardless of the round function, decryption uses the same structure with the round keys applied in reverse order. DES is the best-known Feistel cipher.
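The structural property stated above, that the same network decrypts when the subkeys are reversed, shown in a toy Feistel cipher. This is an added example and not code from the dictionary; the round function F and the SHA-256-based key schedule are placeholders chosen for illustration and are not secure, and the 64-bit block size and 16 rounds are assumptions.

```python
# Toy Feistel network: a 64-bit block as two 32-bit halves, 16 rounds.
# Added illustration only: F and the key schedule are NOT secure.
import hashlib

MASK32 = 0xFFFFFFFF
ROUNDS = 16


def round_keys(key):
    """Placeholder key schedule: one 32-bit subkey per round, derived
    from SHA-256 of the key concatenated with the round number."""
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(ROUNDS)]


def F(half, k):
    """Round function. It need not be invertible: the network inverts itself
    whatever F is, because F's output is only XORed into the other half."""
    x = (half + k) & MASK32
    x = ((x << 7) | (x >> 25)) & MASK32          # rotate left by 7
    return (x ^ (x >> 3) ^ k) & MASK32


def feistel(block, subkeys):
    """Run the network over a 64-bit block with subkeys in the given order."""
    L, R = block >> 32, block & MASK32
    for k in subkeys:
        L, R = R, L ^ F(R, k)                    # fold F(R, k) into L, swap halves
    return (R << 32) | L                         # undo the final swap


def encrypt_block(block, key):
    return feistel(block, round_keys(key))


def decrypt_block(block, key):
    # Same network, same F, subkeys in reverse order.
    return feistel(block, round_keys(key)[::-1])


if __name__ == "__main__":
    key = b"sixteen byte key"
    pt = 0x0123456789ABCDEF
    ct = encrypt_block(pt, key)
    print("ciphertext:", hex(ct), "decrypts to:", hex(decrypt_block(ct, key)))
```

Note that `feistel` never calls an inverse of `F`; swapping the key order is the entire decryption routine, which is why a Feistel round function can be a one-way mixing step.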


FEP Front-End Processor. (1) A communications computer associated with a host computer that can perform line control, message handling, code conversion, error control, and application functions. (2) A teleprocessing concentrator and router, as opposed to a back-end processor or a database machine.

FERPA Family Educational Rights and Privacy Act.

Fetch Protection A system-provided restriction to prevent a program from accessing data in another user's segment of storage.


FFS Fee-for-Service.

FIA Identification and authentication functional class.

Fiber Distributed Data Interface (FDDI) LAN standard, defined by ANSI X3T9.5, specifying a 100-Mbps token-passing network using fiber-optic cable, with transmission distances of up to 2 km. FDDI uses a dual-ring architecture to provide redundancy.

Fiber-Optic A strand of very pure, very clear glass that can carry more information over longer distances than copper cable.

Fiche A sheet of photographic film containing multiple microimages; a form of computer output microfilm.

Fidelity Accuracy, exact correspondence to truth or fact; the degree to which a system or information is distortion-free.

Field A basic unit of data, usually part of a record, that is located on an input, storage, or output medium.

FIFO First in, first out.

File Creation The building of master or transaction files.

File Encryption The process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided.


File Format Dependence A factor in determining the robustness of a piece of stegoed media. Converting an image from one format to another will usually render the embedded message unrecoverable.

File Inquiry The selection of records from files and immediate display of their contents on a terminal output device.

File Integrity Monitoring An internal control or process that validates the integrity of operating system and application software files by comparing the current file state (typically a cryptographic hash, and often ownership, permissions, and timestamps) against a known-good baseline, and alerting on any deviation.


File Maintenance The changing of a master file by changing the contents of existing records, adding new records, or deleting old records.

File Name Anomaly (1) A mismatch between the internal file header (the file's magic bytes) and its external extension; or (2) a file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension).
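A check for the first kind of file name anomaly, as an added example that is not from the dictionary: the file's leading bytes are matched against a small table of magic-byte signatures and compared with what the extension claims. The signature table here is deliberately short and is an assumption of the example; a real triage tool would use libmagic or a much larger table.

```python
# File name anomaly check: do the magic bytes agree with the extension?
# Added example; the signature table is a small, constructed subset.
SIGNATURES = [
    # (format, extensions that legitimately carry it, magic-byte prefixes)
    ("png",  {"png"},                        [b"\x89PNG\r\n\x1a\n"]),
    ("jpeg", {"jpg", "jpeg"},                [b"\xff\xd8\xff"]),
    ("gif",  {"gif"},                        [b"GIF87a", b"GIF89a"]),
    ("pdf",  {"pdf"},                        [b"%PDF-"]),
    ("zip",  {"zip", "docx", "xlsx", "jar"}, [b"PK\x03\x04"]),
    ("pe",   {"exe", "dll"},                 [b"MZ"]),
]
KNOWN_EXTENSIONS = set().union(*(exts for _, exts, _ in SIGNATURES))
HEADER_LEN = 8   # longest magic prefix in the table


def identify(header):
    """Formats whose magic bytes match the start of header."""
    return [fmt for fmt, _, magics in SIGNATURES
            if any(header.startswith(m) for m in magics)]


def extension_of(name):
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def check_filename(name, header):
    """Classify a file name against its first bytes.

    'ok'          the extension matches the detected format
    'anomaly: …'  the header and the name disagree (details appended)
    'unknown'     neither the header nor the extension is in the table
    """
    ext = extension_of(name)
    detected = identify(header)
    for fmt, exts, _ in SIGNATURES:
        if fmt in detected and ext in exts:
            return "ok"
    if detected:
        return "anomaly: content is %s, extension is .%s" % (detected[0], ext or "(none)")
    if ext in KNOWN_EXTENSIONS:
        return "anomaly: .%s extension but no matching header" % ext
    return "unknown"


def check_file(path):
    """Read only the header from disk and classify the file."""
    with open(path, "rb") as f:
        return check_filename(path, f.read(HEADER_LEN))


if __name__ == "__main__":
    # Constructed inputs: a PNG header renamed as a text file, and a PE header
    # masquerading as a PDF, which is the classic malware-delivery anomaly.
    print(check_filename("notes.txt", b"\x89PNG\r\n\x1a\n"))
    print(check_filename("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"))
```

The "unknown" result is deliberately not treated as an anomaly: a file the table cannot identify is a gap in the table, not evidence of renaming.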


File Protection The aggregate of all processes and procedures established in a computer system and designed to inhibit unauthorized access, contamination, or elimination of a file.

File Security Means by which access to computer files is limited to authorized users only.

File Sharing Making files available over the Internet or a network to other users, typically music or video files.

File Transfer The process of copying a file from one computer to another over a network.

File Updating The posting of transaction data to master files or maintenance of master files through record additions, changes, or deletions.

File A basic unit of data records organized on a storage medium for convenient location, access, and updating.
File-Sharing Programs Sometimes called peer-to-peer (P2P) programs, these allow many different users to access the same file at the same time. These programs are often used to illegally upload and download music and other software. Examples include Napster, Grokster, Kazaa, iMesh, Ares and Limewire.

Fill Device COMSEC item used to transfer or store key in electronic form or to insert key into cryptographic equipment.

Filter A process or device that screens incoming information for definite characteristics and allows a subset of that information to pass through. A filter can restrict times when the Internet can be accessed and also restrict what is viewed and downloaded based on certain key words or types of content. Some filters can also be instructed to specifically block information from being displayed. Types of filters range from those on home computers to filters used by a school on its server.

FIM File Integrity Monitoring.

Financial Cybermediaries Internet-based companies that make it easy for one person to pay another over the Internet.

Finger A program (and a protocol) that displays information about a particular user, or all users, logged on a local system or on a remote system. It typically shows full name, last login time, idle time, terminal line, and terminal location (where applicable). It may also display plan and project files left by the user. Because it discloses this information to anyone who can reach the service (TCP port 79), it is a reconnaissance aid for attackers and is disabled on most modern systems.
FIPS Federal Information Processing Standard.

FIPS-140 A standard authored by the U.S. National Institute of Standards and Technology that details security requirements for cryptographic modules (hardware, software, or firmware) used in government systems, primarily cryptographic providers.

FIPS-Approved Security Method A security method (e.g., cryptographic algorithm, cryptographic key generation algorithm or key distribution technique, random number generator, authentication technique, or evaluation criteria) that is either a) specified in a FIPS, or b) adopted in a FIPS.

FIPS-Validated Cryptography A cryptographic module validated by the Cryptographic Module Validation Program (CMVP) to meet the requirements specified in FIPS 140-2 (as amended). As a prerequisite to CMVP validation, the cryptographic module is required to employ a cryptographic algorithm implementation that has successfully passed validation testing by the Cryptographic Algorithm Validation Program (CAVP).

Firefly Key management protocol based on public key cryptography.


Firewall Control Proxy The component that controls a firewall's handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination.

Firewall A firewall is a hardware/software system that manages the flow of information between the Internet and an organization's private network. Firewalls can prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets, and can block some virus attacks, as long as those viruses are coming from the Internet. A firewall also may be used to separate two or more parts of a local network to control data exchange between departments. Components of firewalls include filters or screens, each of which controls transmission of certain classes of traffic. Firewalls provide the first line of defense for protecting private information, but comprehensive security systems combine firewalls with encryption and other complementary services, such as content filtering, intrusion detection, etc.

Firmware (1) The programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution. (2) Computer programs and data stored in hardware, typically in read-only memory (ROM) or programmable read-only memory (PROM), such that the programs and data cannot be dynamically written or modified during execution of the programs.

FIRST Forum of Incident Response and Security Teams. An international confederation of computer security incident response teams that coordinates the activities of worldwide Computer Emergency Response Teams regarding security-related incidents and information sharing on Internet security risks.


Flagging Reporting content you encounter online because you believe it is inappropriate; for example, you may flag a post on an online forum for moderators to review.

Flame Mail Extremely critical or abusive emails containing offensive language and comments.

Flame War Breaks out when flame emails are sent back and forth between individuals repeatedly.

Flame To express strong opinion or criticism of something, usually as a frank, inflammatory statement in an electronic message.

Flaming Sending offensive messages containing degrading content about an individual directly to that individual or to an online group.

Flat File A collection of records containing no data aggregates, nested or repeated data items, or groups of data items.
Flat-Panel Display Thin, lightweight monitor that takes up much less space than a CRT.

Flaw Hypothesis Methodology System analysis and penetration technique in which the specification and documentation for an information system are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, the ease of exploiting it, and the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system.

Flaw An error of commission, omission, or oversight in an information system that may allow protection mechanisms to be bypassed.

Flexibility Responsiveness to change, specifically as it relates to user information needs and operational environment.

Flooded Transmission A transmission in which data is sent over every link in the network.

Flooding An attack that attempts to cause a failure in a system by providing more input than the system can process properly.

Floppy Disk A flexible removable disk used for magnetic storage of data, programs, or information.

FLR Lifecycle support, flaw remediation.

FLS Protection of the TSF, failure secure.

FLT Resource utilization, fault tolerance.

FM Frequency Modulation. A modulation technique in which the carrier frequency is shifted by an amount proportional to the value of the modulating signal. The amplitude of the carrier signal remains constant. The information signal causes the carrier signal to increase or decrease its frequency based on the waveform of the information signal.

FMBS Frame-Mode Bearer Service.

FMECA Failure Mode, Effects and Criticality Analysis; an IA analysis technique that systematically reviews all components and materials in a system or product to determine the cause(s) of their failures, the downstream results of such failures, and the criticality of such failures as accident precursors. FMECA can be performed on individual components (hardware, software, and communications equipment) and integrated at the system level.

FMT Security management functional class.

FOC Full Operational Capability. The time at which a new system has been installed at all planned locations and has been fully integrated into the operational structure.

Focused Testing A test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object.
Follow / Follower A term used by social networking sites to indicate someone who can view the content posted by your account/profile and, in some cases, the personal information (i.e., phone number, address, etc.) associated with your account/profile.

Force A group of platforms and sites organized for a particular purpose.

Foreign Government Information (1) Information provided to the United States by a foreign government or international organization of governments in the expectation, express or implied, that the information is to be kept in confidence. (2) Information, requiring confidentiality, produced by the United States pursuant to a written joint arrangement with a foreign government or international organization of governments. A written joint arrangement may be evidenced by an exchange of letters, a memorandum of understanding, or other written record of the joint arrangement.

Foreign Key A primary key of one file (relation) that appears in another file (relation).

Forensic Copy An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm (e.g., a cryptographic hash computed over both the source and the copy and compared).


Forensic Discovery Forensic or e-discovery is the search and analysis of electronic documents and data. Electronic documents include virtually anything that is stored on a computer such as e-mail, web pages, word processing files, and computer databases. Electronic records can be found on a wide variety of devices such as desktop and laptop computers, network servers, personal digital assistants and digital phones. Documents and data are "electronic" if they exist in a medium that can only be read by using computers, such as cache memory, magnetic disks (for example computer hard drives or floppy disks), optical disks (for example DVDs or CDs), and magnetic tapes. Electronic discovery is frequently distinguished from traditional "paper discovery," which is the discovery of writings on paper that can be read without the assistance of computers. Forensic discovery is frequently required in legal proceedings and is submitted as evidence in court.

Forensic Examination The process of collecting, assessing, classifying and documenting digital evidence to assist in the identification of an offender and the method of compromise.

Forensic Image Copy An exact copy or snapshot of the contents of an electronic medium.

Forensic Investigator PCI Forensic Investigators (PFIs) are companies approved by the PCI Council to help determine when and how a card data breach occurred. They perform investigations within the financial industry using proven investigative methodologies and tools. They also work with law enforcement to support stakeholders with any resulting criminal investigations.

Forensic Specialist A professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered.

Forensically Clean Digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use.

Forensics The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.
Forgery A false, fake, or counterfeit datum, document, image, or act.

Formal Access Approval A formalization of the security determination for authorizing access to a specific type of classified or sensitive information, based on specified access requirements, a determination of the individual's security eligibility and a determination that the individual's official duties require the individual be provided access to the information.

Formal Analysis The use of rigorous mathematical techniques to analyze a solution. The algorithms may be analyzed for numerical properties, efficiency, and correctness.
Formal Design The part of a software design written using a formal notation.

Formal Development Methodology Software development strategy that proves security design specifications.

Formal Method (1) A software specification and production method, based on discrete mathematics, that comprises a collection of mathematical notations addressing the specification, design, and development processes of software production, resulting in a well-founded logical inference system in which formal verification proofs and proofs of other properties can be formulated, and a methodological framework within which software can be developed from the specification in a formally verifiable manner. (2) The use of mathematical techniques in the specification, design, and analysis of computer hardware and software.

Formal Notation The mathematical notation of a formal method.

Formal Proof Complete and convincing mathematical argument presenting the full logical justification for each proof step and for the truth of a theorem or set of theorems.

Formal Review A type of review typically scheduled at the end of each activity or stage of development to review a component of a deliverable or, in some cases, a complete deliverable or the software product and its supporting documentation.

Formal Security Policy Mathematically precise statement of a security policy.

Formal Specification The part of the software specification written using a formal notation.

Format String Attack The C standard library's printf family interprets conversion specifiers (such as %s, %x, and %n) in its format string. If an attacker can control that string, for example because a program calls printf(user_input) instead of printf("%s", user_input), the attacker can read stack memory with %x or %s and, using %n, write attacker-chosen values to arbitrary memory locations, which often leads to code execution.
Format The physical arrangement of data characters, fields, records, and files.

Formatting Function The function that transforms the payload, associated data, and nonce into a sequence of complete blocks.

Formerly Restricted Data Information removed from the restricted data category upon determination jointly by the Department of Energy and Department of Defense that such information relates primarily to the military utilization of atomic weapons and that such information can be adequately safeguarded as classified defense information subject to the restrictions on transmission to other countries and regional defense organizations that apply to restricted data.

Formulary A technique for permitting the decision to grant or deny access to be determined dynamically at access time rather than at the time the access list is created.

Fortran Formula Translation. A high-level programming language developed primarily to translate mathematical formulas into computer code.

Forward Cipher One of the two functions of a block cipher algorithm that is determined by the choice of a cryptographic key. The term "forward cipher operation" is used for TDEA, while the term "forward transformation" is used for DEA.
Forward Secrecy Ensuring that the compromise of a long-term secret (such as a server's private key) does not divulge information that could be used to recover data protected prior to the compromise. In many systems forward secrecy is only provided on a per-session basis, meaning that a key compromise will not affect previous sessions, but would allow an attacker to decrypt earlier messages sent as part of the current session.

Fourier Transform An image processing tool which is used to decompose an image into its constituent parts or to view a signal in either the time or frequency domain.


FPR Privacy functional class.

FPT Protection of the TSF functional class.

FQDN Fully Qualified Domain Name. A complete Internet address, including the complete host and domain name.

FRAD Frame Relay Access Device.

Fragile Watermark A watermark that is designed to prove authenticity of an image or other media. A fragile watermark is destroyed, by design, when the cover is manipulated digitally. If the watermark is still intact then the cover has not been tampered with. Fragile watermark technology could be useful in authenticating evidence or ensuring the accuracy of medical records or other sensitive data.

Fragment A piece of a packet. When a router is forwarding an IP packet to a network with a Maximum Transmission Unit smaller than the packet size, it is forced to break up that packet into multiple fragments (unless the packet's Don't Fragment bit is set, in which case it is dropped). These fragments will be reassembled by the IP layer at the destination host. Because fragments can arrive out of order, overlap, or never complete, reassembly code is a classic target for firewall evasion and denial-of-service attacks.

Fragmentation The process in which an IP datagram is broken into smaller pieces to fit the requirements of a given physical network. The reverse process is termed "reassembly."
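The splitting and reassembly described in the Fragment and Fragmentation entries, as an added example that is not part of the dictionary. Only the IPv4 fields that matter for fragmentation are modelled (identification, the MF flag, the fragment offset in 8-byte units, and the payload); a fixed 20-byte header with no options is assumed, and the reassembler rejects the malformed cases (overlap, gaps, a missing final fragment) rather than silently accepting them.

```python
# IPv4 fragmentation and reassembly over the fields that matter for it.
# Added example; a 20-byte header with no options is assumed.
from collections import namedtuple

IP_HEADER = 20
Fragment = namedtuple("Fragment", "ident offset more payload")


def fragment(payload, mtu, ident=1):
    """Split a datagram payload into fragments whose total size fits mtu."""
    if mtu < IP_HEADER + 8:
        raise ValueError("MTU too small to carry a fragment")
    # Offsets are expressed in 8-byte units, so every fragment except the
    # last must carry a multiple of 8 payload bytes.
    max_data = (mtu - IP_HEADER) // 8 * 8
    frags = []
    for start in range(0, max(len(payload), 1), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)      # MF flag
        frags.append(Fragment(ident, start // 8, more, chunk))
    return frags


def reassemble(frags):
    """Rebuild the datagram from fragments sharing one identification.

    Rejects gaps, overlaps, data after the final fragment, non-final
    fragments that are not 8-byte aligned, and a missing final fragment:
    the cases that historically broke reassembly code.
    """
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments from zero or several datagrams")
    expected, done, out = 0, False, bytearray()
    for f in sorted(frags, key=lambda f: f.offset):
        if done:
            raise ValueError("fragment after the final fragment")
        start = f.offset * 8
        if start < expected:
            raise ValueError("overlapping fragment at byte %d" % start)
        if start > expected:
            raise ValueError("gap before byte %d" % start)
        if f.more and len(f.payload) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        out += f.payload
        expected = start + len(f.payload)
        done = not f.more
    if not done:
        raise ValueError("final fragment missing")
    return bytes(out)


if __name__ == "__main__":
    data = bytes(range(256)) * 12          # constructed 3072-byte payload
    for f in fragment(data, 1500):
        print("offset=%4d (byte %5d) MF=%d len=%d"
              % (f.offset, f.offset * 8, f.more, len(f.payload)))
    print(reassemble(fragment(data, 1500)) == data)
```

A real stack must also bound how long incomplete fragment sets are held and how much memory they may consume, since an attacker can send endless first fragments and never the last one.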


Frame Relay A high-performance WAN protocol that operates at the physical and data link layers of the Open Systems Interconnection (OSI) reference model. Frame relay is an example of a packet-switched technology. Packet-switched networks enable end stations to dynamically share the network medium and the available bandwidth. Frame relay uses existing T1 and T3 lines and provides connection speeds from 56 Kbps to T1.

Framework Defines a set of application programming interface (API) classes for developing applications and for providing system services to those applications.

Free Electrons Electrons that are not attached to an atom or molecule.

Free Space and Atmospheric Attenuation Defined by the loss the signal undergoes traveling through the atmosphere. Changes in air density and absorption by atmospheric particles are the principal reasons for affecting the microwave signal in free air space.

Freeware Copyrighted computer software which is made available for use free of charge.

Frequency Diversity A form of backup used to protect a radio signal. A second signal continually operates on a separate frequency and assumes the load when the regular channel fails.

Frequency Domain A way of representing a signal where the horizontal deflection is the frequency variable and the vertical deflection is the signal's amplitude at that frequency.

Frequency Hopping The repeated switching of frequencies during radio transmission according to a specified algorithm, to minimize unauthorized interception or jamming of telecommunications.
Frequency Masking A condition where two tones with relatively close frequencies are played at the same time and the louder tone masks the quieter tone.

Frequency The rate at which an electromagnetic waveform alternates, usually measured in Hertz.

Frictionless Sharing The transparent and often automatically facilitated (non-manual) sharing of information and resources using social media services. For example, posting an update on a blog, which then automatically posts a link to that update on another web platform, such as Twitter.

Friending The act of requesting another person to be your friend (and thereby formally connecting with you) on a social networking site.

Front Office Space The primary interface to customers and sales channels.

Front Porch The access point to a secure network environment; also known as a firewall.

Front-End Computer A computer that offloads input and output activities from the central computer so it can operate primarily in a processing mode; sometimes called a front-end processor.


FRR False Rejection Rate. The probability that a biometric system will fail to identify an applicant, or verify the legitimate claimed identity of an applicant. The measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user. A system's false rejection rate typically is stated as the ratio of the number of false rejections divided by the number of genuine identification attempts. Raising the decision threshold lowers the FAR and raises the FRR, so the two are tuned together.
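How the False Acceptance, False Rejection, FAR and FRR entries above are computed from a matcher's scores, as an added example that is not from the dictionary. The score lists are constructed: each genuine score is a comparison of a user against their own enrolled template and each impostor score is a zero-effort comparison against someone else's template (the "passive impostor" assumption named in the FAR entry); higher means more similar, and an attempt is accepted when its score is at or above the threshold.

```python
# FAR and FRR at a threshold, plus the equal error rate, from matcher scores.
# Added example; the scores are constructed, not measured.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.83, 0.67, 0.94, 0.79, 0.86, 0.90]
IMPOSTOR = [0.12, 0.33, 0.45, 0.71, 0.28, 0.52, 0.19, 0.60, 0.41, 0.36]


def far(impostor_scores, threshold):
    """False acceptance rate: share of impostor attempts scoring >= threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False rejection rate: share of genuine attempts scoring < threshold."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def equal_error_rate(genuine_scores, impostor_scores):
    """Threshold (among observed scores) where FAR and FRR are closest,
    returned as (threshold, FAR, FRR)."""
    candidates = sorted(set(genuine_scores) | set(impostor_scores))
    best = min(candidates,
               key=lambda t: abs(far(impostor_scores, t) - frr(genuine_scores, t)))
    return best, far(impostor_scores, best), frr(genuine_scores, best)


def tradeoff_table(genuine_scores, impostor_scores, thresholds):
    """Rows of (threshold, FAR, FRR); raising the threshold trades FAR for FRR."""
    return [(t, far(impostor_scores, t), frr(genuine_scores, t)) for t in thresholds]


if __name__ == "__main__":
    for t, a, r in tradeoff_table(GENUINE, IMPOSTOR, [0.5, 0.6, 0.7, 0.8, 0.9]):
        print("threshold %.2f  FAR %.2f  FRR %.2f" % (t, a, r))
    print("EER point:", equal_error_rate(GENUINE, IMPOSTOR))
```

Ten attempts per class, as here, give rates with a granularity of 0.1; real evaluations need thousands of attempts, and FAR measured against active presentation attacks (spoofing) is reported separately from the passive figure.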


FRU Resource utilization functional class.

FSIP Fast serial interface processor.

FS-ISAC Financial Services Information Sharing and Analysis Center. A nonprofit, information-sharing forum established by financial services industry participants to facilitate the public and private sectors' sharing of physical and cybersecurity threat and vulnerability information.

FSK Frequency shift keying.

FSP Development, functional specification.

FTA Fault tree analysis; an IA analysis technique by which possibilities of occurrence of specific adverse events are investigated. All factors, conditions, events, and relationships that could contribute to that event are analyzed. FTA can be performed on individual components (hardware, software, and communications equipment) and integrated at the system level.

FTP File Transfer Protocol. A standard Internet protocol implemented in FTP server and client software. It is used to transfer data reliably and efficiently and is a very common method of moving files between two Internet sites. Plain FTP sends credentials and file contents in cleartext, so FTPS or SFTP should be used where confidentiality matters.

Full Maintenance Complete diagnostic repair, modification, and overhaul of COMSEC equipment, including repair of defective assemblies by piece part replacement.

Full Wave Rectifier Diodes designed to be placed in an alternating current circuit and to convert alternating current into direct current.

FUN Tests, functional tests.
Function In computer programming, a processing activity that performs a single identifiable task.

Functional Analysis Translating requirements into operational and systems functions and identifying the major elements of the system and their configurations and initial functional design requirements.

Functional Domain An identifiable DoD functional mission area. For purposes of the DoD policy memorandum, the functional domains are command and control, space, logistics, transportation, health affairs, personnel, financial services, public works, research and development, and Intelligence, Surveillance, and Reconnaissance (ISR).

Functional Requirements Architectural atoms; the elementary building blocks of architectural concepts; made up of activities/functions, attributes associated with activities/processes, and processes/methods sequencing activities.

Functional Safety The ability of a safety-related system to carry out the actions necessary to achieve or maintain a safe state for the equipment under control.

Functional Specification The main product of systems analysis, which presents a detailed logical description of the new system. It contains sets of input, processing, storage, and output requirements specifying what the new system can do.

Functional Testing The segment of security testing in which the advertised security mechanisms of the system are tested, under operational conditions, for correct operation.

Functionality Degree of acceptable performance of an act.

FWA Fixed Wireless Access. Replaces the last mile from the central office to the customer. This process usually consists of a pair of digital radio transmitters placed on rooftops, one at the central office and one at the user's site. These systems usually operate in the 38 GHz portion of the spectrum. Also known as wireless fiber (because of the high throughput speeds) and as fixed wireless local loop.

G2B Government to Business. The E-commerce activities performed between a government and its business partners for purposes such as purchasing materials or soliciting and accepting bids for work.

G2C Government to Consumer. The E-commerce activities performed between a government and its citizens or consumers, including paying taxes and providing information and services.

G2G Government to Government. The E-commerce activities limited to a single nation's government, focusing on vertical integration (local, city, state, and federal) and horizontal integration (within the various branches and agencies).

GAO General Accounting Office.

Gap analysis The comparison of actual performance against expected or required performance.

Garbage Collection A language mechanism that automatically deallocates memory for objects that are not accessible or referenced.

Gateway A product that enables two dissimilar networks to communicate or interface with each other. In the IP community, an older term referring to a routing device. Today, the term "router" is used to describe nodes that perform this function, and "gateway" refers to a special-purpose device that performs an application layer conversion of information from one protocol stack to another.

GB Gigabyte. A Gigabyte is 1,073,741,824 (2^30) bytes, i.e., 1,024 Megabytes or 1,048,576 Kilobytes.

GEN Security Audit Generation.

General Support System An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. A system can be, for example, a local area network (LAN) including smart terminals that supports a branch office, an agency-wide backbone, a communications network, a departmental data processing center including its operating system and utilities, a tactical radio network, or a shared information processing service organization (IPSO).

General-Purpose Computer A computer that can be programmed to perform a wide variety of processing tasks.

Generativity A system's capacity to produce unanticipated change through unfiltered contributions from broad and varied audiences.

Genetic Algorithm An artificial intelligence system that mimics the evolutionary, survival-of-the-fittest process to generate increasingly better solutions to a problem.

GIF Graphics Interchange Format.

GIG Architecture Global Information Grid Architecture. The architecture, composed of interrelated operational, systems and technical views, which defines the characteristics of and relationships among current and planned Global Information Grid assets in support of National Security missions.

GIG Global Information Grid. The globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The GIG includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and National Security Systems. Non-GIG IT includes stand-alone, self-contained, or embedded IT that is not, and will not be, connected to the enterprise network.

Gigahertz A unit of one billion CPU cycles per second.

GIGO Garbage in, garbage out.

GII Global Information Infrastructure. Worldwide interconnections of the information systems of all countries, international and multinational organizations, and international commercial communications.

GIS Geographic Information System. A decision support system designed specifically to work with spatial information.

GIT/GitHub A web-based Git repository hosting service. It offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a web-based graphical interface and desktop as well as mobile integration. It also provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.
GLBA The Gramm-Leach-Bliley Act.

Global Digital Divide The term used specifically to describe differences in IT access and capabilities between different countries or regions of the world.

Global Economy One in which customers, businesses, suppliers, distributors, and manufacturers operate without regard to physical and geographical boundaries.

Global Reach The ability to extend a company's reach to customers anywhere through an Internet connection and at a lower cost.

Glove An input device that captures and records the shape, movement, and strength of the user's hands and fingers.

GNS Get Nearest Server (Novell).

Going viral Internet content that is rapidly spread through electronic mail and social networking sites because most people who get it share it with their friends or social networks.

Good Practice See Best Practice.

Gopher Invented at the University of Minnesota in 1993 just before the Web, Gopher was a widely successful method of making menus of material available over the Internet. Gopher was designed to be much easier to use than FTP, while still using a text-only interface. Gopher is a client and server style program, which requires that the user have a Gopher client program. Although Gopher spread rapidly across the globe in only a couple of years, it has been largely supplanted by Hypertext, also known as WWW (World Wide Web). There are still thousands of Gopher servers on the Internet and we can expect they will remain for a while.

GOSIP Government OSI Profile. A U.S. Government procurement specification for OSI protocols.

Gossip Sharing information about someone that is negative or not yours to share.

Governance In computer security, the setting of clear expectations for the conduct (behaviors and actions) of the entity being governed and directing, controlling, and strongly influencing the entity to achieve these expectations. Governance includes specifying a framework for decision-making, with assigned decision rights and accountability, intended to consistently produce desired behaviors and actions.

Governing Security Requisites Those security requirements that must be addressed in all systems. These requirements are set by policy, directive, or common practice; e.g., by Executive Order, Office of Management and Budget (OMB), Office of the Secretary of Defense, a Military Service or DoD Agency. Governing security requisites are typically high-level requirements. While implementations will vary from case to case, these requisites are fundamental and must be addressed.

GPKI Global Public Key Infrastructure.

GRA Governance, Risk Management and Compliance. A business term used to group the three closely related disciplines responsible for the protection of assets and operations.
Graduated Security A security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.

Grand Design Program Strategies Characterized by acquisition, development, and deployment of the total functional capability in a single increment.

Granularity The level of detail contained in a unit of data. The more detail there is, the lower the level of granularity; the less detail, the higher the level of granularity.

Graphics Output Computer-generated output in the form of pictures, charts, and line drawings.

Graphics Software Helps the user create and edit photos and art.

Graphics Terminal An output device that displays pictures, charts, and line drawings, typically a high-resolution CRT.

Gray box A method of penetration testing in which the hacker is given some information about the internal details of the target network in order to provide a quick summary of some specific strengths and weaknesses in that network's security.

GRC Governance, Risk and Compliance.

GRE Generic Routing Encapsulation.

Grid Computing Harnesses computers together by way of the Internet or a virtual network to share CPU power, databases, and storage.

Grooming Using the Internet to manipulate and gain the trust of a minor as a first step towards the future sexual abuse, production or exposure of that minor. Sometimes involves developing the child's sexual awareness and may take days, weeks, months or in some cases years to manipulate the minor.

Group Authenticator Used, sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.

Group Document Databases A powerful storage facility for organizing and managing all documents related to specific teams.

Groupware Software designed to function over a network to allow several people to work together on documents and files.

GSM Originally stood for Groupe Spécial Mobile, but is now known as Global System for Mobile Communications.

Guaranteed Service A service model that provides highly reliable performance with little or no variance in the measured performance criteria.

Guard A mechanism limiting the exchange of information between information systems or subsystems.

Guessing Entropy A measure of the difficulty that an attacker has in guessing the average password used in a system. In this document, entropy is stated in bits. When a password has n bits of guessing entropy, an attacker has as much difficulty guessing the average password as guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.
GUI Graphical User Interface. An interface in which the user can manipulate icons, windows, pull-down menus, or other related constructs. A graphical user interface uses graphics such as windows, boxes, and menus to allow the user to communicate with the system. Allows users to move in and out of programs and manipulate their commands using a pointing device (usually a mouse).

Guidelines Documented suggestions for regular and consistent implementation of accepted practices. They usually have less enforcement power.

GZL Get Zone List (AppleTalk).

H4H Hackers for Hire. Acronym for hackers who offer their services to other criminal, terrorist or extremist groups (hired hackers).

Hack/Crack To hack means to write one's own solution to a computer problem because no pre-written program or function exists to solve the problem. Programmers who are "hacking away" are starting from scratch and writing a new language or program to achieve the programming goal. However, "hacker" is often used to describe an unauthorized person who modifies a program by changing its code to corrupt or steal data. In self-defense, the hacking community has adopted the term "cracker" for someone whose sole aim is to break into secure systems.

Hacker Unauthorized user who attempts to or gains access to an information system; an individual who uses computer technology in ways not originally intended by the vendor. Commonly the term is applied to people who attack others using computers. For the purposes of this discussion, hackers are subdivided as follows. Script kiddies: unskilled attackers who do not have the ability to discover new vulnerabilities or write exploit code, and are dependent on the research and tools of others. Their goal is achievement. Their sub-goals are to gain access and deface web pages. Worm and virus writers: attackers who write the propagation code used in worms and viruses but not typically the exploit code used to penetrate the infected systems. Their goal is notoriety. Their sub-goals are to cause disruption of networks and attached computer systems. Security researchers and white hat operators: this group has two subcategories, bug hunters and exploit coders. Their goal is profit. Their sub-goals are to improve security and achieve recognition with an exploit. Professional hacker (black hat): individuals who get paid to write exploits or actually penetrate networks; this group also falls into the same two subcategories as above. Their goal is also profit.

Hacking For many years, a noble endeavor involving intense study, dedicated analysis and hands-on learning about any technical field, including computing. Unfortunately, despite the best efforts of computer hobbyists worldwide, since the early 1980s, thanks largely to the ignorance of undereducated journalists, the term has become almost synonymous with cracking. Some die-hards continue the battle by referring to "criminal hacking" but it's probably too late to reverse the shift in meaning.

Hacktivism A term that combines "hacker" and "activism" and generally means the use of technical tools, including denial of service attacks, virtual sit-ins, web page defacement or redirects, to showcase a political message through either illegal or legally ambiguous methods.

Hacktivist A portmanteau of "hacker" and "activist." Individuals that have a political motive for their activities, and identify that motivation by their actions, such as defacing opponents' websites with counter-information or disinformation.

Hadoop An open-source software framework for distributed storage and processing of very large data sets on computer clusters built from commodity hardware.
HAG High Assurance Guard. An enclave boundary protection device that controls access, with a high degree of assurance, between a local area network that an enterprise system has a requirement to protect and an external network that is outside the control of the enterprise system. A guard that has two basic functional capabilities: a Message Guard and a Directory Guard. The Message Guard provides filter service for message traffic traversing the Guard between adjacent security domains. The Directory Guard provides filter service for directory access and updates traversing the Guard between adjacent security domains.

Half-Duplex Capability for data transmission in only one direction at a time between a sending station and a receiving station.

Handoffs (or switching) A cellular call is switched from one cell tower to another as the user moves from one area to the next. The switch is usually unnoticed by the user.

Handover Interface A physical and logical interface across which the interception measures are requested from the NWO/AP/service provider, and the results of interception are delivered from a NWO/AP/service provider (SvP) to an LEMF.

Handshake Sequence of messages exchanged between two or more network devices to ensure transmission synchronization.

Handshaking Procedure Dialogue between a user and a computer, two computers, or two programs to identify a user and authenticate his or her identity. This is done through a sequence of questions and answers that are based on information either previously stored in the computer or supplied to the computer by the initiator of the dialogue.

Handspring A type of PDA that runs on the Palm Operating System (Palm OS).

Happy Slapping An extreme form of bullying where physical assaults are recorded on mobile phones or digital cameras and distributed to others.

Harassment Repeatedly sending nasty, mean, and insulting messages.

Hard Copy Key Physical keying material, such as printed key lists, punched or printed key tapes, or programmable read-only memories (PROM).

Hard Disk A fixed or removable disk mass storage system permitting rapid direct access to data, programs, or information.

Hard Handoff Sometimes a cell phone user being switched from one site to the next will need to be disconnected and reconnected to make the switch possible.

Hardening Configuring a host's operating system and applications to reduce the host's security weaknesses.

Hardware Key Logger A hardware device that captures keystrokes on their way from the keyboard to the motherboard.

Hardware Reliability The ability of an item to correctly perform a required function under certain conditions in a specified operational environment for a stated period of time.

Hardware Safety Integrity The overall failure rate for continuous-mode operations and the probability to operate on demand for demand-mode operations, relative to random hardware failures in a dangerous mode of failure.
Hardware The mechanical devices that comprise a computer system, such as the central processing unit, monitor, keyboard, and mouse, as well as other equipment such as printers and speakers.

Hardwired Key Permanently installed key.

Hash Function An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be derived or reconstituted from the result produced by the algorithm, or to find two different messages that produce the same hash result using the same algorithm.

Hash Total The total of any numeric data field in a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.

Hash Value A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.

Hash Producing hash values for accessing data or for security. A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value. Hashing is also a common method of accessing data records. To create an index, called a hash table, for these records, you would apply a formula to each name to produce a unique numeric value.

Hash-based Message Authentication Code (HMAC) A message authentication code that uses a cryptographic key in conjunction with a hash function.

Hashing A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data. Mapping a bit string of arbitrary length to a fixed-length bit string to produce the hash value.

Hashword Memory address containing a hash total.

Hate Websites In an international legal context, a website that uses 'hate speech', which is communication that vilifies a person or a group on the basis of one or more characteristics such as colour, disability, ethnicity, gender, nationality, race, religion, and sexual orientation. 'Hate sites' often refers to websites, predominantly on social networking services, that are dedicated to emphasizing a particular viewpoint, often extreme, and targeted at specific individuals and/or groups.

Hazard Likelihood The qualitative or quantitative likelihood that a potential hazard will occur. Most international standards define six levels of hazard likelihood (lowest to highest): incredible, improbable, remote, occasional, probable, and frequent.

Hazard Severity The severity of the worst-case consequences should a potential hazard occur. Most international standards define four levels of hazard severity (lowest to highest): insignificant, marginal, critical, and catastrophic.

Hazard A source of potential harm or a situation with potential to harm. Note that the consequences of a hazard can be physical or cyber.

HAZOP Hazard and Operability Study; a method of determining hazards in a proposed or existing system, their possible causes and consequences, and recommending solutions to minimize the likelihood of occurrence. Design and operational aspects of the system are analyzed by an interdisciplinary team.
HCR Handprint Character Recognition. One of several pattern recognition technologies used by digital imaging systems to interpret handprinted characters.

HDLC High-Level Data-Link Control. Bit-oriented synchronous data-link layer protocol developed by ISO. Derived from SDLC, HDLC specifies a data encapsulation method on synchronous serial links using frame characters and checksums.

HDSL High-data-rate digital subscriber line. One of four DSL technologies. HDSL delivers 1.544 Mbps of bandwidth each way over two copper twisted pairs. Because HDSL provides T1 speed, telephone companies have been using HDSL to provision local access to T1 services whenever possible. The operating range of HDSL is limited to 12,000 feet (3658.5 meters), so signal repeaters are installed to extend the service. HDSL requires two twisted pairs, so it is deployed primarily for PBX network connections, digital loop carrier systems, interexchange POPs, Internet servers, and private data networks. Compare with ADSL, SDSL, and VDSL.

Header The beginning of a message sent over the Internet; typically contains addressing information to route the message or packet to its destination.

Heading tag HTML tag that puts certain information, such as the title, at the top of the page.

Headset Combines input and output devices that (1) capture and record the movements of the user's head, and (2) contain a screen that covers the user's field of vision and displays various views of an environment based on the head's movements.

Heap Spraying Heap spraying refers to the attempt to insert code into a predetermined location. This technique is often behind exploits of vulnerable browsers.

Help desk Responds to knowledge workers' questions.

HER Electronic Health Record.

HERF High-energy radio frequency.

Hertz The basic measurement of bandwidth frequency in cycles per second. 1 Hertz equals 1 cycle per second.

Heuristics The mode of analysis in which the next step is determined by the results of the current step of analysis. Used for decision support processing.

Hexadecimal A number system with a base of 16.

Hidden Partition A method of hiding information on a hard drive where the partition is considered unformatted by the host operating system and no drive letter is assigned.

HIDS Host-Based Intrusion Detection System.

HIE Health Information Exchange. A health information organization that brings together healthcare stakeholders within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community.

Hierarchical Database In a hierarchical database, data is organized like a family tree or organization chart with branches of parent records and child records.

High Availability A failover feature to ensure availability during device or component interruptions.
High Capacity Floppy Disk A storage device that holds between 100MB and 250MB of information. SuperDisks and Zip disks are examples.

High Impact The loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States (i.e., (1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (2) results in major damage to organizational assets; (3) results in major financial loss; or (4) results in severe or catastrophic harm to individuals involving loss of life or serious life-threatening injuries).

High-Impact System An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of high.

High-Level Language The class of procedure-oriented language.

Hijack Attack A form of active wiretapping in which the attacker seizes control of a previously established communication association.

Hijacking An exploitation of a valid network session for unauthorized purposes.

HIPS Host-Based Intrusion Prevention System. HIPS is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. In other words, a HIPS aims to stop malware by monitoring the behavior of code. This makes it possible to help keep your system secure without depending on a specific threat being added to a detection update.

HLD High-Level Design.

HMAC Keyed-Hash Based Message Authentication Code. A message authentication code that uses a cryptographic key in conjunction with a hash function.

Holographic Device A device that creates, captures, and displays images in true three-dimensional form.

Home Page The initial screen of information displayed to the user when initiating the client or browser software or when connecting to a remote computer. The home page resides at the top of the directory tree.

Home PNA Home Phoneline Networking Alliance. Allows one to network home computers using telephone wiring.

Honeypot A computer, network or other information technology resource set as a trap to attract attacks. Honeypots may be used to collect metrics (how long does it take for an unprotected system to be breached), to test defenses, to examine methods of attack or to catch attackers. A honeypot system may also be used to collect SPAM so it can be added to a blacklist.

Hop A term used in routing. A hop is one data link. A path from source to destination in a network is a series of hops.

Horizontal Defense-In-Depth Controls are placed in various places in the path to access an asset (this is functionally equivalent to the concentric ring model).

Horizontal Market Software Application software that is general enough to be suitable for use in a variety of industries.

Host Address The IP address of the host computer.

Host Computer A computer that, in addition to providing a local service, acts as a central processor for a communications network.

Host Any computer on a network that is a repository for services available to other computers on the network. It is quite common to have one host machine provide several services, such as SMTP (email) and HTTP (web).

Hosting Provider Offers various services to merchants and other service providers, where their customers' data is "hosted" or resident on the provider's servers. Typical services include shared space for multiple merchants on a server, providing a dedicated server for one merchant, or web apps such as a website with "shopping cart" options.

Hostname The name of the user computer on the network.

Hot Site A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption. Backup site that includes phone systems with the phone lines already connected. Networks will also be in place, with any necessary routers and switches plugged in and turned on. Desks will have desktop PCs installed and waiting, and server areas will be replete with the necessary hardware to support business-critical functions. Within a few hours, a hot site can become a fully functioning element of an organization.

Hot Standby Secondary equipment in place as a backup in case of primary equipment failure.

Hot Wash A debrief conducted immediately after an exercise or test with the staff and participants.

Hotlink A method of copying information from one document (the source document) to another (the destination document) so that the destination document's information is updated automatically when the source document's information changes.

HSRP Hot Standby Routing Protocol.

HSSI High-speed serial interface.

HTML Document A file made from the HTML language.

HTML Tag Specifies the formatting and presentation of information in an HTML document.

HTML HyperText Markup Language.

HTTP Hypertext Transfer Protocol. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit hypertext markup language (HTML), extensible markup language (XML) or other pages to client browsers.

HTTPS Hypertext Transfer Protocol Secure. The protocol for accessing a secure Web server. Using HTTPS in the URL instead of HTTP directs the message to a secure port number rather than the default Web port number of 80. The session is then managed by a security protocol, such as Secure Sockets Layer (SSL).

Hub A common connection point for devices in a network; hubs are used to connect segments of a local area network (LAN). A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.
Human Firewall A person prepared to act as a network layer of defense through education and awareness.

Humanware Computer programs that interface or communicate with users by means of voice integrated technology, interpret user-specified commands, and execute or translate commands into machine-executable code.

HUMINT Human Intelligence, intelligence gathered by means of interpersonal contact; a category of intelligence derived from information collected and provided by human sources.

HVAC Heating Ventilation Air Conditioning Systems.

Hybrid Attack A password-cracking attack that builds on the dictionary attack method by adding numerals and symbols to dictionary words.

Hybrid Entity — A covered entity whose covered functions are not its primary functions.

Hybrid Security Control A security control that is implemented in an information system in part as a common control and in part as a system-specific control.

Hyperlink An image or a portion of text that, when clicked, allows electronic connections. These connections access other Internet materials such as images, sounds, animations, videos, or other web pages.

Hypermedia An extension to hypertext in which frames contain graphics, illustrations, images, audio, animation, text, and other forms of information or knowledge.

Hypertext Markup Language A set of standards used to tag the elements of a document. It is the standard protocol for formatting and displaying documents on the World Wide Web.

Hypertext A method of preparing and publishing text, ideally suited to the computer, in which readers can choose their own paths through the material. In preparing hypertext, information is first "chunked" into small, manageable units, such as single pages of text. These units are called nodes. Then the hyperlinks (also called anchors) are embedded in the text. When a reader clicks on a hyperlink, the hypertext software displays a different node. The process of navigating among the nodes linked in this way is called browsing. A collection of nodes that are interconnected by hyperlinks is called a Web.

Hypervisor A piece of software that provides abstraction of all physical resources (such as central processing units, memory, network, and storage) and thus enables multiple computing stacks (consisting of an operating system, middleware and application programs) called virtual machines to be run on a single physical host.

I&A Identification and authentication.

IA (1) Information assurance.

IA (2) Intra-Area.

IA Architecture A description of the structure and behavior for an enterprise's security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.

IA Infrastructure The underlying security framework that lies beyond an enterprise’s defined boundary, but supports its IA and IA-enabled products, its security posture and its risk management plan.
IA Integrity Case A systematic means of gathering, organizing, analyzing, and reporting the data needed by internal, contractual, regulatory, or Certification Authorities to confirm that a system has met the specified IA goals and IA integrity level and is fit for use in the intended operational environment. An IA integrity case includes assumptions, claims, and evidence.

IA Integrity Level The level of IA integrity that must be achieved or demonstrated to maintain the IA risk exposure at or below its acceptable level.

IA Integrity The likelihood of a system, entity, or function achieving its required security, safety, and reliability features under all stated conditions within a stated measure of use.

IA Product Product whose primary purpose is to provide security services (e.g. confidentiality, authentication, integrity, access control, non-repudiation of data); correct known vulnerabilities; and/or provide layered defense against various categories of non-authorized or malicious penetrations of information systems or networks.

IA Professional Information Assurance Professional. Individual who works IA issues and has real-world experience plus appropriate IA training and education commensurate with their level of IA responsibility.

IA Information Assurance. Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.

IaaS Infrastructure as a Service. Offers the capability to provision processing, storage, networks and other fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include operating systems (OSs) and applications.

IAB Internet Architecture Board. Board of internetwork researchers who discuss issues pertinent to Internet architecture. Responsible for appointing a variety of Internet-related groups such as the

IAB Internet Architecture Board. Formally called the Internet Activities Board. The technical body that oversees the development of the Internet suite of protocols (commonly referred to as TCP/IP). It has two task forces (the IRTF and the IETF), each charged with investigating a particular area.

IAC Information Assurance Component. An application (hardware and/or software) that provides one or more Information Assurance capabilities in support of the overall security and operational objectives of a system.

IA-Critical A term applied to any condition, event, operation, process, or item whose proper recognition, control, performance, or tolerance is essential to the safe, reliable, and secure operation and support of a system.

IA-Enabled Information Technology Product Product or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled Web browsers, screening routers, trusted operating systems, and security-enabled messaging systems.

IA-Enabled Product Product whose primary role is not security, but provides security services as an associated feature of its intended operating capabilities. Examples include such products as security-enabled Web browsers, screening routers, trusted operating systems, and security-enabling messaging systems.
IAM (1) Identity and Access Management is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.

IAM (2) Information Assurance Manager.

IANA Internet Assigned Numbers Authority. Responsible for the global coordination of the DNS root, IP addressing, and other Internet protocol resources.

IAO Information Assurance Officer.

IAP Information Awareness Program.

IA-related A system or entity that performs or controls functions which are activated to prevent or minimize the effect of a failure of an IA-critical system or entity.

IASE Information Assurance Support Environment. The IASE is an on-line Web-based help environment for DoD INFOSEC and IA professionals.

IATO Interim Approval to Operate. Temporary approval granted by a DAA for an IS to process information based on preliminary results of a security evaluation of the system.

IATT Interim Approval to Test. Temporary authorization to test an information system in a specified operational information environment within the time frame and under the conditions or constraints enumerated in the written authorization.

IAVA Information Assurance Vulnerability Alert. Notification that is generated when an Information Assurance vulnerability may result in an immediate and potentially severe threat to DoD systems and information; this alert requires corrective action because of the severity of the vulnerability risk.

IBG Interblock Gap. A blank space appearing between records or groups of records on magnetic storage media.

IBGP Interior Border Gateway Protocol.

IBSS Network — Independent Basic Service Set Network. Independent Basic Service Set Network is an IEEE 802.11-based wireless network that has no backbone infrastructure and consists of at least two wireless stations. This type of network is often referred to as an ad hoc network because it can be constructed quickly without much planning.

ICA Information Assurance Compliance. Cybersecurity work where a person oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization’s information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

ICF Intermediate Care Facility.

ICMP Internet Control Message Protocol. A set of protocols that allow systems to communicate information about the state of services on other systems. For example, ICMP is used in determining whether systems are up, maximum packet sizes on links, and whether a destination host/network/port is available. Hackers typically use (abuse) ICMP to determine information about the remote site.

Icon A pictorial symbol used to represent data, information, or a program on a GUI screen.
ICQ Pronounced “I Seek You.” This is a chat service available via the Internet that enables users to communicate online. This service (you load the application on your computer) allows chat via text, voice, bulletin boards, file transfers, and e-mail.

ICSA Internet Computer Security Association.

ICT Supply Chain Threat A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.

ICT Information and Communication(s) Technology. Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

ICZ Intensive Control Zone.

IDA Infrared Data Association port. A port for wireless devices that works in essentially the same way as the remote control on a TV.

IDD Integrated Data Dictionary. A database technology that facilitates functional communication among system components.

IDEA A block cipher with 128-bit keys and 64-bit blocks popularly used with PGP. It is currently protected by patents.

Identification Media A building or visitor pass.

Identification (1) The process, generally employing unique machine-readable names, that enables recognition of users or resources as identical to those previously described to the computer system. (2) The assignment of a name by which an entity can be referenced. The entity may be high level (such as a user) or low level (such as a process or communication channel).

Identifier Unique data used to represent a person’s identity and associated attributes. A name or a card number are examples of identifiers. A data object, often a printable, non-blank character string, that definitively represents a specific identity of a system entity, distinguishing that identity from all others.

Identity and Access Management The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

Identity Binding Binding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority.

Identity Cloning A variation of identity theft; instead of stealing PII for financial gain, identity clones actually attempt to live and work as another person.

Identity Fraud The act of using a stolen identity to obtain goods or services by deception (it does not occur when a credit card is simply stolen, which can constitute ‘consumer fraud’).

Identity Proofing The process of providing sufficient information (e.g., identity history, credentials, documents) to a Personal Identity Verification Registrar when attempting to establish an identity.

Identity Registration The process of making a person’s identity known to the Personal Identity Verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.
Identity Theft A form of stealing one’s identity in which someone pretends to be someone else by assuming that person’s identity, typically in order to obtain credit and other benefits.

Identity Token Smart card, metal key, or other physical object used to authenticate identity.

Identity Validation Tests enabling an information system to authenticate users or resources.

Identity Verification The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the PIV Card or system and associated with the identity being claimed.

Identity Information that is unique within a security domain and which is recognized as denoting a particular entity within that domain.

Identity-Based Access Control Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user) where access authorizations to specific objects are assigned based on user identity.

IDN Integrated Delivery Network.

IDPS Intrusion Detection and Prevention Systems are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

IDPS Intrusion Detection and Prevention System. Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incidents.

IDS Intrusion Detection System.

IDS Intrusion Detection System. Software and hardware that detect and log inappropriate, incorrect, or anomalous activity. IDS are typically characterized based on the source of the data they monitor: host or network. A host-based IDS uses system log files and other electronic audit data to identify suspicious activity. A network-based IDS uses sensors to monitor packets on the network to which it is attached.

IEEE Institute of Electrical and Electronics Engineers. Pronounced I-triple-E; IEEE is an organization composed of engineers, scientists and students. Best known for developing standards for the computer and electronics industry.

IEEE 802.11 A family of specifications developed by the Institute of Electrical and Electronics Engineers (IEEE) for wireless local area network (WLAN) technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients.

IEMI Intentional Electromagnetic Interference Device. Devices that intentionally generate electromagnetic energy to introduce noise or signals into electric and electronic systems, thus disrupting, confusing or damaging these systems for malicious purposes.

IETF Internet Engineering Task Force. The Internet standards-setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth on the Internet.

IFC User data protection information flow control policy.

IFF User data protection information flow control functions.
IG Implementation Guide.

IG2G International Government-to-Government. The E-commerce activities performed between two or more governments, including foreign aid.

IGP Interior Gateway Protocol.

IGRP Interior Gateway Routing Protocol.

IGS Delivery and operation, installation, generation, and start-up.

IKE Internet Key Exchange protocol.

ILDP Information leak detection and prevention.

IM Instant Messaging. A service that allows people to send and get messages almost instantly. To send messages using instant messaging you need to download an instant messaging program and know the instant messaging address of another person who uses the same IM program.

Image An exact bit-stream copy of all electronic data on a device, performed in a manner that ensures that the information is not altered.

Imaging A process that allows one to obtain a bit-for-bit copy of data to avoid damage of original data or information when multiple analyses may be performed. The imaging process is made to obtain residual data, such as deleted files, fragments of deleted files and other information present, from the disk for analysis. This is possible because imaging duplicates the disk surface, sector by sector.

IMAP Internet Message Access Protocol. A method of accessing electronic mail or bulletin board messages that are kept on a (possibly shared) mail server. IMAP permits a “client” email program to access remote message stores as if they were local. For example, email stored on an IMAP server can be manipulated from a desktop computer at home, a workstation at the office, and a notebook computer while traveling, without the need to transfer messages or files back and forth between these computers. IMAP can be regarded as the next-generation POP.

IMAP Internet Message Access Protocol. IMAP is gradually replacing POP as the main protocol used by email clients in communicating with email servers. Using IMAP an email client program can not only retrieve email but can also manipulate messages stored on the server, without having to actually retrieve the messages. So messages can be deleted, have their status changed, multiple mail boxes can be managed, etc.

IMHO A shorthand appended to a comment written in an online forum, IMHO indicates that the writer is aware that they are expressing a debatable view, probably on a subject already under discussion. One of many such shorthands in common use online, especially in discussion forums.

IMINT Imagery Intelligence, intelligence gathering discipline which collects information via satellite and aerial photography. IMINT is complemented by non-imaging MASINT electro-optical and radar sensors.

Imitative Communications Deception Introduction of deceptive messages or signals into an adversary's telecommunications signals.

Impact Analysis A study to prioritize the criticality of information resources for the enterprise based on costs (or consequences) of adverse events. In an impact analysis, threats to assets are identified and potential business losses determined for different time periods. This assessment is used to justify the extent of safeguards that are required and recovery time frames. This analysis is the basis for establishing the recovery strategy.
Impact Level The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability. High, Moderate, or Low security categories of an information system established in FIPS 199 which classify the intensity of a potential impact that may occur if the information system is jeopardized.

Impact Printer A hard-copy device on which a print mechanism strikes against a ribbon to create imprints on paper. Some impact printers operate one character at a time; others strike an entire line at a time.

Impact Value The assessed potential impact resulting from a compromise of the confidentiality, integrity, or availability of an information type, expressed as a value of low, moderate, or high.

Impact A component of Risk, the impact describes the negative effect that results from a risk being realised. Example impacts include financial loss, legal and regulatory issues, brand and reputation damage, data loss, breach of contract, and so on. Impacts can be reduced as part of risk mitigation. For example, installing a second hard drive and configuring it as a RAID mirror of a primary hard drive reduces the impact of a disk failure. It does not address the likelihood of a disk failure at all. Impacts, like risks, can be technical or business related. For example, a technical impact could be corrupt data in the table storing a firm's outstanding orders. The business impact might be customer ill-will, increased customer service costs, and additional costs shipping and tracking replacement items. Some impacts can be contractually transferred to another party. Insurance, for example, can transfer the financial impact of a business risk to the insurer in exchange for a premium payment by the insured. The technical impact of a DDoS attack can be transferred to another entity by using their network and server resources. Not all impacts can be transferred. Brand and reputation damage, some legal and regulatory liability, and impacts on business qualities like time-to-market cannot be transferred.

Impersonation Pretending to be authorized to enter a secure location. Examples include swaggering into a site equipped with what look like tool kits of the manufacturer of computer equipment, or pretending to be a janitor. Impersonation is a key element of social engineering.

Implant Chip A technology-enabled microchip implanted into the human body.

Implant Electronic device or electronic equipment modification designed to gain unauthorized interception of information-bearing emanations.

Implementation Phase Distributes the system to the knowledge workers who begin using the system in their everyday jobs.

Implementation The specific activities within the systems development life cycle through which the software portion of the system is developed, coded, debugged, tested, and integrated with existing or new software.

Importance A subjective assessment of the significance of a system’s capability and the consequences of the loss of that capability.

In Band Made up of tones that pass within the voice frequency band and are carried along the same circuit as the talk path established by the signals. Also known as in-band signaling.
In the Wild A virus is said to be “in the wild” if it is spreading uncontained among infected computers in the general public. A virus being studied in a controlled environment for research purposes would not be considered “in the wild.”

Inadvertent Disclosure Type of incident involving accidental exposure of information to an individual not authorized access.

Inadvertent Loss The unplanned loss or compromise of data or system.

Incident Handling The mitigation of violations of security policies and recommended practices.

Incident Investigation The investigation seeks to determine the circumstances of the incident. Every incident will warrant or require an investigation. However, investigation resources like forensic tools, dirty networks, quarantine networks and consultation with law enforcement may be useful for the effective and rapid resolution of an emergency incident.

Incident Management The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.

Incident Response Plan The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of an incident against an organization's IT system(s).

Incident Response Team The incident coordinator manages the response process and is responsible for assembling the team. The coordinator will ensure the team includes all the individuals necessary to properly assess the incident and make decisions regarding the proper course of action. The incident team meets regularly to review status reports and to authorize specific remedies. The team should utilize a pre-allocated physical and virtual meeting place.

Incident Response The activities that address the short-term, direct effects of an incident and may also support short-term recovery. In the Workforce framework, cybersecurity work where a person responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.

Incident An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. An assessed occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system; or the information the system processes, stores, or transmits; or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Incomplete Parameter Checking A system fault that exists when all parameters have not been fully checked for correctness and consistency by the operating system, thus leaving the system vulnerable to penetration.

Incremental Program Strategies Characterized by acquisition, development, and deployment of functionality through a number of clearly defined system “increments” that stand on their own.

Inculpatory Evidence Evidence that tends to increase the likelihood of fault or guilt.
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Indexed Sequential Filing A file organization method in which records are maintained in logical 
sequence and indices (or tables) are used to reference their storage addresses. The method allows direct and 


serial access to records. 


Indicator Recognized action, specific, generalized, or theoretical, that an adversary might be expected 


to take in preparation for an attack. A sign that an incident may have occurred or may be currently occurring. 
Indirect CRLs A CRL issued by a third party, that can contain certificates from multiple CA’s. 


Indirect Material Material that is necessary for running a modern corporation but does not relate to the 


company’s primary business activities. Commonly called MRO materials. 


Individual Accountability The ability to associate positively the identity of a user with the time, 
method, and degree of access to an information system; informal security policy (C.F.D.) Natural language 
description, possibly supplemented by mathematical arguments, demonstrating the correspondence of the 


functional specification to the high-level design. 


Individual A citizen of the United States or an alien lawfully admitted for permanent residence. 
Agencies may, consistent with individual practice, choose to extend the protections of the Privacy Act and E 


Government Act to businesses, sole proprietors, aliens, etc. 


Induction A process of logically arriving at a conclusion about a member of a class from examining a 
few other members of the same class. This method of reasoning may not always produce true statements. As 
an example, suppose it is known that George’s car has four tires and that Fred’s car has four tires. Inductive 


reasoning would allow the conclusion that all cars have four tires. Induction is closely related to learning. 
g y g 


Industrial Control System An information system used to control industrial 
processes such as manufacturing, product handling, production, and distribution. Industrial control systems 
include supervisory control and data acquisition systems (SCADA) used to control geographically dispersed 
assets, as well as distributed control systems (DCS) and smaller control systems using programmable logic 


controllers to control localized processes. 


Inference Engine A system of computer programs in an expert systems application that uses expert experience 


as a basis for conclusions. 
Infobots Software agents that perform specified tasks for a user or application. 


INFOCON Information Operations Condition. The INFOCON is a comprehensive defense posture 
and response based on the status of information systems, military operations, and intelligence assessments of 
adversary capabilities and intent. The INFOCON system presents a structured, coordinated approach to 
defend against a computer network attack. INFOCON measures focus on computer network-based protective 
measures. Each level reflects a defensive posture based on the risk of impact to military operations through the 
intentional disruption of friendly information systems. INFOCON levels are NORMAL (normal activity); 
ALPHA (increased risk of attack); BRAVO (specific risk of attack); CHARLIE (limited attack); and 
DELTA (general attack). Countermeasures at each level include preventive actions, actions taken during an 


attack, and damage control/ mitigating actions. 


Infographic Information graphics, graphic visual representations of information, data or knowledge 


intended to present complex information quickly and clearly often used to highlight patterns and trends. 


146 


Dictionary of Cyber Security 


Informal Security Policy Natural language description, possibly supplemented by mathematical arguments, demonstrating the correspondence of the functional specification to the high-level design.

Information Assurance The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.

Information Asymmetries Information asymmetry deals with the study of decisions in transactions where one party has more or better information than the other. This creates an imbalance of power in transactions which can sometimes cause the transactions to go awry. The software market suffers from the same information asymmetry. Vendors may make claims about the security of their products, but buyers have no reason to trust them. In many cases, even the vendor does not know how secure its software is. So buyers have no reason to pay more for protection, and vendors are disinclined to invest in it.


Information Attributes The qualities, characteristics, and distinctive features of information.

Information Category The term used to bind information and tie it to an information security policy.

Information Decomposition Breaking down the information for ease of use and understandability.

Information Domain A three-part concept for information sharing, independent of, and across, information systems and security domains, that 1) identifies information sharing participants as individual members, 2) contains shared information objects, and 3) provides a security policy that identifies the roles and privileges of the members and the protections required for the information objects.

Information Environment Aggregate of individuals, organizations, and/or systems that collect, process, or disseminate information; the information itself is also included.

Information Float The amount of time it takes to get information from its source into the hands of the decision makers.

Information Flow Control The procedure to ensure that information transfers within an information system are not made in violation of the security policy.

Information Granularity The extent of detail within the information.

Information Hiding (1) A software development technique in which each module’s interfaces reveal as little as possible about the module’s inner workings and other modules are prevented from using information about the module that is not in the module’s interface specification. (2) A software development technique that consists of isolating a system function, or set of data and operations on those data, within a module and providing precise specifications for the module.

Information in Identifiable Form Information in an IT system or online collection that (1) directly identifies an individual (e.g., name, address, Social Security number, or other identifying number or code, telephone number, e-mail address, etc.) or (2) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors.

Information Interoperability The exchange and use of information in any electronic form.

Information Management The planning, budgeting, manipulating, and controlling of information throughout its life cycle.
Information Model A conceptual model of the information needed to support a business function or process.

Information Operations Actions taken to affect adversary information and information systems while defending one’s own information and information systems. Information Operations (IO) can occur during peacetime and at every level of warfare. Information warfare (IW), by contrast, is IO “conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries”.

Information Owner An official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. Official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, classification, collection, processing, dissemination, and disposal.


Information Partnership Two or more companies that cooperate by integrating their IT systems, thereby providing customers with the best of what each has to offer.

Information Requirements Those items of information regarding the enemy and his environment which need to be collected and processed in order to meet the intelligence requirements of a commander.

Information Resources Information and related resources, such as personnel, equipment, funds, and information technology.

Information Security Architect Individual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization’s core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes.

Information Security Architecture An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise’s mission and strategic plans.

Information Security Governance The management structure, organization, responsibility and reporting processes surrounding a successful information security program.

Information Security Policy An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

Information Security Program Plan Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.

Information Security Program The overall combination of technical, operational and procedural measures and management structures implemented to provide for the confidentiality, integrity and availability of information based on business requirements and risk analysis.

Information Security Risk The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems.
Information Security Service A method to provide some specific aspect of security. For example, integrity of transmitted data is a security objective, and a method that would achieve that is considered an information security service.

Information Security Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide (1) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity; (2) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and (3) availability, which means ensuring timely and reliable access to and use of information.

Information Services The offering of a capability for generating, storing, transforming, retrieving, utilizing, or making available information via telecommunications; includes electronic publishing but does not include the use of such capability for the management, control, or operation of a telecommunications system or the management of a telecommunications service.

Information Sharing Environment (ISE) An approach that facilitates the sharing of terrorism and homeland security information; ISE in its broader application enables those in a trusted partnership to share, discover, and access controlled information.

Information Sharing The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs.

Information Steward An agency official with statutory or operational authority for specified information and responsibility for establishing the controls for its generation, collection, processing, dissemination, and disposal. Individual or group that helps to ensure the careful and responsible management of federal information belonging to the Nation as a whole, regardless of the entity or source that may have originated, created, or compiled the information. Information stewards provide maximum access to federal information to elements of the federal government and its customers, balanced by the obligation to protect the information in accordance with the provisions of FISMA and any associated security-related federal policies, directives, regulations, standards, and guidance.

Information Superiority The capability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary’s ability to do the same. Forces attain information superiority through the acquisition of systems and families-of-systems that are secure, reliable, interoperable, and able to communicate across a universal Information Technology (IT) infrastructure, to include National Security Systems (NSS). This IT infrastructure includes the data, information, processes, organizational interactions, skills, and analytical expertise, as well as systems, networks, and information exchange capabilities.

Information System Life Cycle The phases through which an information system passes, typically characterized as initiation, development, operation, and termination (i.e., sanitization, disposal and/or destruction).

Information System Owner Official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system.

Information System Resilience The ability of an information system to continue to operate while under attack, even if in a degraded or debilitated state, and to rapidly recover operational capabilities for essential functions after a successful attack. The ability of an information system to continue to (1) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover to an effective operational posture in a time frame consistent with mission needs.


Information System A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. Information systems also include specialized systems such as industrial/process control systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.

Information Systems Security Product Item (chip, module, assembly, or equipment), technique, or service that performs or relates to information systems security.

Information Systems Security The protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.

Information Technology Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the executive agency. For purposes of the preceding sentence, equipment is used by an executive agency if the equipment is used by the executive agency directly or is used by a contractor under a contract with the executive agency which 1) requires the use of such equipment or 2) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.

Information Type A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management), defined by an organization or, in some instances, by a specific law, Executive Order, directive, policy, or regulation.

Information Value A qualitative measure of the importance of the information based upon factors such as level of robustness of the Information Assurance controls allocated to the protection of information based upon mission criticality, the sensitivity (e.g., classification and compartmentalization) of the information, releasability to other countries, perishability/longevity of the information (e.g., short-life data versus long-life intelligence source data), and potential impact of loss of confidentiality and integrity and/or availability of the information.

Information View Includes all of the information stored within a system.

Information Intelligence or knowledge capable of being represented in forms suitable for communication, storage, or processing. Information may be represented, for example, by signs, symbols, pictures, or sounds.

Information-Literate Knowledge Workers Can define what information they need, know how to obtain that information, understand the information once they receive it, and act appropriately to help the organization achieve the greatest advantage.

INFOSEC Information Security; Information Systems Security.




Infrared A wireless communications medium that uses light waves to transmit signals or information.

Infrastructure The framework of interdependent networks and systems comprising identifiable industries, institutions, and distribution capabilities that provide a continual flow of goods and services essential to the defense and economic security of the United States, the smooth functioning of government at all levels, or society as a whole.

Infrastructure System A network of independent, mostly privately owned, automated systems and processes that function collaboratively and synergistically to produce and distribute a continuous flow of essential goods and services. The eight critical infrastructure systems defined by PDD-63 are telecommunications, banking and finance, power generation and distribution, oil and gas distribution and storage, water processing and supply, transportation, emergency services, and government services.

Infrastructure Systems technologies, including operations such as central computer processing, distributed processing, end-user computing, local area networking, and telecommunications. Includes the transmission media (e.g., voice, data, and video), routers, aggregators, repeaters, and other devices that control transmission paths; also includes the software used to send, receive, and manage transmitted signals. These operations often represent critical services to financial institutions and their customers.

Infrastructure-Centric A security management approach that considers information systems and their computing environment as a single entity.

Ingestion A process to convert information extracted to a format that can be understood by investigators.

Ingress Network communications coming in.

Inherent Risk The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls).

Inheritance The language mechanism that allows the definition of a class to include the attributes and methods of another, more general class. Inheritance is an implementation construct for the specialization relation. The general class is the superclass and the specific class is the subclass in the inheritance relation. Inheritance is a relation between classes that enables the reuse of code and the definition of a generalized interface to one or more subclasses.

Inhibit A design feature that provides a physical interruption between an energy source and a function actuator. Two inhibits are independent if no single failure can eliminate them both.

Initialization Vector A non-secret binary vector used as the initializing input to an algorithm for the encryption of a plaintext block sequence, to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.

Initialize Setting the state of a cryptographic logic prior to key generation, encryption, or other operating mode.

Initiator Access Control Decision Information ADI associated with the initiator.

Initiator Access Control Information Access control information relating to the initiator.

Initiator An entity (for example, a human user or computer-based entity) that attempts to access other entities.
Injection Using this method, a secret message is put in a host file in such a way that when the file is actually read by a given program, the program ignores the data.

Injury Any wrong or damage done to another, either to his person, rights, reputation, or property; the invasion of any legally protected interest of another.

Inkjet printer Makes images by forcing ink droplets through nozzles.

Input Controls Techniques and methods for verifying, validating, and editing data to ensure that only correct data enters a system.

Input Device A tool used to capture information and commands by the user.

Input Validation The act of determining that data input to a program is sound.

Inquiry Processing The process of selecting a record from a file and immediately displaying its contents.

Inside Threat A person or group of persons within an organization who pose a potential risk through violating security policies. One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to cause harm.

Insourcing It means that IT specialists within the organization will develop the system.

Inspectable Space Zone of control. Three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists.

Inspection Certificate A declaration issued by an interested party that specified requirements have been met.

Inspection A manual analysis technique that examines the program requirements, design, or code in a formal and disciplined manner to discover errors.

Install Putting software on your computer in order to use it. You can install software from a CD or DVD, an external hard drive, from a networked computer, or by download from the Internet.

Instance A set of values representing a specific entity belonging to a particular entity type. A single value is also the instance of a data item.

Instrumental Input The capture of data and its placement directly into a computer by machines.

Insulator A material that does not conduct electricity but is suitable for surrounding conductors to prevent the loss of current.

Intangible Asset An asset that is not physical in nature. Examples include intellectual property (patents, trademarks, copyrights, processes), goodwill, and brand recognition.

Integer Overflow When an integer value is too big to be held by its associated data type, the results can often be disastrous. This is often a problem when converting unsigned numbers to signed values.
Integrate To integrate generally means to merge two or more computer components into a single system. Any software product that is coined "integrated" means the product performs more than one type of task and offers seamless operation. IDE, an integrated development environment, refers to pieces of hardware that are connected to a larger network component.

Integrated Circuit A miniature microchip incorporating circuitry and semi-conductor components. The circuit elements and components are created as a part of the same manufacturing process.

Integrated Payment Terminal A payment terminal and electronic cash register in one device that takes payments, registers and calculates transactions, and prints receipts.

Integrated Risk Management The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.

Integration Testing The orderly progression of testing in which software, hardware, or both are combined and tested until all intermodule communication links have been integrated.

Integration Allows separate systems to communicate directly with each other by automatically exporting data files from one system and importing them into another.

Integrator The organization that integrates the IS components.

Integrator/Reseller An integrator/reseller is a company that implements, configures, and/or supports payment terminals, payment systems, and/or payment applications for merchants. These companies may also sell the payment devices or applications as part of their service.

Integrity Check Value Checksum capable of detecting modification of an information system.

Integrity Checking The act of checking whether a message has been modified either maliciously or by accident. Cryptographically strong message integrity algorithms should always be used when integrity is important.

Integrity Level (1) A range of values of an item necessary to maintain system risks within acceptable limits. For items that perform IA-related mitigating functions, the property is the reliability with which the item must perform the mitigating function. For IA-critical items whose failure can lead to threat instantiation, the property is the limit on the frequency of that failure. (2) A range of values of a property of an item necessary to maintain risk exposure at or below its acceptability threshold.

Integrity (1) The accuracy, completeness and validity of information in accordance with business values and expectations. The property that data or information has not been modified or altered in an unauthorized manner. (2) A security service that allows verification that an unauthorized modification (including changes, insertions, deletions and duplications) has not occurred either maliciously or accidentally.

Intellectual Property Identification A method of asset protection which identifies or defines a copyright, patent, trade secret, etc. or validates ownership and ensures that intellectual property rights are protected.

Intellectual Property Legal rights that result from intellectual activity in the industrial, scientific, literary and artistic fields. Examples of types of intellectual property include an author's copyright, trademark, and patents.
Intelligence Infrastructure/Information Infrastructure The network of computers and communication lines underlying critical services that American society has come to depend on: financial systems, the power grid, transportation, emergency services, and government programs. Information infrastructure includes the Internet, telecommunications networks, “embedded” systems (the built-in microprocessors that control machines from microwaves to missiles), and “dedicated” devices like individual personal computers.

Intelligence Method The method which is used to provide support to an intelligence source or operation, and which, if disclosed, is vulnerable to counteraction that could nullify or significantly reduce its effectiveness in supporting the foreign intelligence or foreign counterintelligence activities of the United States, or which would, if disclosed, reasonably lead to the disclosure of an intelligence source or operation.

Intelligence Source A person, organization, or technical means which provides foreign intelligence or foreign counterintelligence and which, if its identity or capability is disclosed, is vulnerable to counteraction that could nullify or significantly reduce its effectiveness in providing foreign intelligence or foreign counterintelligence to the United States. An intelligence source also means a person or organization which provides foreign intelligence or foreign counterintelligence to the United States only on the condition that its identity remains undisclosed.

Intelligence The first step in the decision making process where a problem, need, or opportunity is found or recognized. It is the diagnostic phase of decision making.

Intelligent Agent Software that assists the user in performing repetitive computer-related tasks.

Intelligent Cabling Research is ongoing in this area. The goal is to eliminate the large physical routers, hubs, switches, firewalls, etc. and move these functions (i.e., embed the intelligence) into the cabling itself. Currently this is an electrochemical/neuronic research process.

Intelligent Transportation Systems A subset or specific application of the NIJ that provides real-time information and services to the transportation sector. Specific examples include travel and transportation management systems, travel demand management systems, public transportation operation systems, electronic payment systems, commercial vehicle operation systems, emergency management systems, and advanced vehicle control and safety systems.

Intent A state of mind or desire to achieve an objective.

Interactive Chat Lets the user engage in real-time exchange of information with one or more individuals over the Internet.

Interactive Video A system in which video segments are integrated via a menu-based processing application.

Interactive A mode of processing that combines some aspects of online processing and some aspects of batch processing. In interactive processing, the user can directly interact with data over which he or she has exclusive control. In addition, the user can cause sequential activity to initiate background activity to be run against the data.

Interagency Coordination Within the context of Department of Defense involvement, the coordination that occurs between elements of the Department of Defense and engaged U.S. government agencies, nongovernment organizations, private voluntary organizations, and regional and international organizations for the purpose of accomplishing an objective.
Interception Interface Physical and logical locations within the NWO/AP/SvP telecommunications facilities where access to the CC and IRI is provided. The interception interface is not necessarily a single fixed point.

Interception Measure A technical measure that facilitates the interception of telecommunications traffic pursuant to the relevant national laws and regulations.

Interception Subject A person or persons, specified in a lawful authorization, whose telecommunications are to be intercepted.

Interception Action (based on the law) performed by an NWO/AP/SvP, of making available certain information and providing that information to an LEMF. Usually, this term is not used to describe the action of observing communications directly by an LEA.

Intercept-Related Information Collection of information or data associated with telecommunications services involving the target identity, specifically communication-associated information or data (including unsuccessful communication attempts), service-associated information or data (e.g., service-profile management by subscriber), and location information.

Interdependencies The inter-connections between supposedly independent but often interdependent systems.

Interdiction Impeding or denying someone the use of system resources.

Interface Analysis The checking and verification process that ensures intermodule communications links are performed correctly.

Interface Control Document Technical document describing interface controls and identifying the authorities and responsibilities for ensuring the operation of such controls. This document is baselined during the preliminary design review and is maintained throughout the information system life cycle.

Interface A shared boundary between devices, equipment, or software components defined by common interconnection characteristics.

Interference Electromagnetic energy that is picked up with the signal you are receiving. This extra energy distorts the signal and interferes with its transmission.

Interim Accreditation Temporary authorization granted by a designated approving authority for an information technology system to process, store, and transmit information based on preliminary results of security certification of the system.

Interleaved Encryption Processing the encryption of a message as multiple messages, generally treating every nth block as part of a single message.

Interleaving The alternating execution of programs residing in the memory of a multiprogramming environment.

Intermediary A specialist company that provides services better than its client companies.

Intermediate CA Intermediate Certification Authority. A Certification Authority that is subordinate to another CA, and has a CA subordinate to itself.
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Internal Accounting Control The process of safeguarding the accounting functions and processes of a 
business. This process includes validating that the accounting system complies with the appropriate, generally 


accepted accounting principles and that audit trails exist for verification of all processes. 


Internal Control The method of safeguarding business assets, including verifying the accuracy and reliability 
of accounting data, promoting operational efficiency, and encouraging adherence to prescribed organizational 


policies and procedures. 
Internal Information Information that describes specific operational aspects of the organization. 


Internal Network Interface Network’s internal interface between the internal 


intercepting function and a mediation function. 


Internal Network A network where (i) the establishment, maintenance, and provisioning of security controls 
are under the direct control of organizational employees or contractors; or (ii) cryptographic encapsulation or 
similar security technology provides the same effect. An internal network is typically organization-owned, yet 
may be organization-controlled while not being organization-owned. A network where 1) the establishment, 
maintenance, and provisioning of security controls are under the direct control of organizational employees or 
contractors; or 2) cryptographic encapsulation or similar security technology implemented between 
organization-controlled endpoints provides the same effect (at least with regard to confidentiality and 
integrity). An internal network is typically organization-owned, yet may be organization-controlled while not 


being organization-owned. 


Internal Security Controls Hardware, firmware, or software features within an 


information system that restrict access to resources only to authorized subjects. 


Internal Security Testing Security testing conducted from inside the organization’s security 


perimeter. 


International Humanitarian Law That part of international law which seeks, for humanitarian reasons, to
limit the effects of armed conflict. It protects persons who are not or are no longer participating in the
hostilities and restricts the means and methods of warfare. International humanitarian law is also known as the
law of war or the law of armed conflict. International law is the body of rules governing relations between
States. It is contained in agreements between States (treaties or conventions), in customary rules, which consist
of State practice considered by them as legally binding, and in general principles.


International Organization for Standardization (ISO) An organization that coordinates the development and
adoption of numerous international standards. “ISO” is not an acronym, but the Greek word for “equal.”

International Standards Organization The world’s largest developer of voluntary International Standards.
Internet Address A 32-bit address assigned to hosts using TCP/IP. 
Internet Backbone The major set of connections for computers on the Internet. 


Internet Key Exchange Internet Key Exchange is a security measure which employs two keys, a
private key, and an exchange key that is used to encrypt private keys. Exchange of private keys is done over the
Internet, where e-mail is used to deliver private passwords to users. The key exchange system allows a person
to send keys to groups of people simultaneously, where the public/private system requires that each key is
encrypted separately for each key recipient.

Internet Layer The stack in the TCP/IP protocols that addresses a packet and sends the packets to the
network access layer.


Internet Protocol (IP) Packet Spoofing An attack using packets with spoofed source Internet
Protocol (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This
technique also may enable an unauthorized user to gain root access on the target system.
Internet Server Computer Computer that provides information and services on the Internet. 


Internet Telephony A combination of hardware and software that uses the Internet as the medium for
transmission of telephone calls in place of traditional telephone networks.


Internet A global computer network that links minor computer networks, allowing them to share
information via standardized communication protocols. The Internet consists of large national backbone
networks (such as MILNET, NSFNET, and CREN) and a myriad of regional and local campus networks all
over the world. The Internet uses the Internet Protocol suite. To be on the Internet, you must have IP
connectivity (i.e., be able to Telnet to, or ping, other systems). Networks with only email connectivity are not
actually classified as being on the Internet. Although it is commonly stated that the Internet is not controlled
or owned by a single entity, this is really misleading, giving many users the perception that no one is really in
control of (no one “owns”) the Internet. In practical reality, the only way the Internet can function is to have the
major telecom switches, routers, satellite, and fiber optic links in place at strategic locations. These devices at
strategic locations are owned by a few major corporations. At any time, these corporations could choose to shut
down these devices (which would shut down the Internet), alter these devices so only specific countries or
regions could be on the Internet, or modify these devices to allow/disallow/monitor any communications
occurring on the Internet.


Internetwork A group of networks connected by routers so that computers on different networks can
communicate; the Internet.

Interoperability The ability of two or more systems or components to exchange information and to use the
information that has been exchanged.

Interrogation Used to obtain prior indicators or relationships, including telephone numbers, IP addresses and
names of individuals, from extracted data.
Intersection Relation A relation the user creates to eliminate a many-to-many relationship. 


Interview A type of assessment method that is characterized by the process of conducting discussions
with individuals or groups within an organization to facilitate understanding, achieve clarification, or lead to
the location of evidence, the results of which are used to support the determination of security control
effectiveness over time.

Intracell Handovers A cellular call is passed from one frequency to the next or carrier to the next within a
single cell site.

Intranet A computer network that uses ‘Internet Protocol’ technology to share information, operational
systems, or computing services within an organisation.

Intruder Individual or group gaining access to the network and its resources without permission.


Intrusion Detection The process of monitoring the events occurring in a computer system or network to
detect signs of unauthorized access or attack.

Intrusion Prevention A preemptive approach to network security used to identify potential threats and
respond to them to stop, or at least limit, damage or disruption.

Intrusion An unauthorized act of bypassing the security mechanisms of a network or information system.
Inverse Cipher — Series of transformations that converts ciphertext to plaintext using the Cipher Key. 


Investigation The collection and analysis of evidence with the goal of identifying the perpetrator of an
attack or unauthorized use or access.

Invisible GIFs — Electronic images, usually not visible to site visitors, that allow a Web site to count those
who have visited that page or to access certain cookies.

Invisible Ink A method of steganography that uses a special ink that is colorless and invisible until treated
by a chemical, heat, or special light. It is sometimes referred to as sympathetic ink.

Invisible Watermark An overlaid image which is invisible to the naked eye, but which can be
detected algorithmically. There are two different types of invisible watermarks: fragile and robust.


IO Information Operations. The integrated employment of the core capabilities of electronic
warfare, computer network operations, psychological operations, military deception, and operations security, in
concert with specified supporting and related capabilities, to influence, disrupt, corrupt, or usurp adversarial
human and automated decision-making process, information, and information systems while protecting our
own.
IOC Initial Operational Capability. The first time a new system is introduced into operation. 
IOCs Indicators of Compromise. An indicator of compromise is an artifact observed on a network or in an
operating system that with high confidence indicates a computer intrusion. Typical IOCs are virus signatures
and IP addresses, MD5 hashes of malware files, or URLs or domain names of botnet command and control
servers. After IOCs have been identified in a process of incident response and computer forensics, they can be
used for early detection of future attack attempts using intrusion detection systems and antivirus software.
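As an added illustration of how identified IOCs feed later detection (example code written for this entry, not taken from any source the dictionary draws on), the following Python matches a small IOC set of the kinds named above, IP addresses, domain names and MD5 hashes, against log lines. Every IOC value, hash and log record below is constructed and uses reserved documentation addresses and example domains.

```python
"""Match a small set of Indicators of Compromise (IOCs) against log lines.

Added example for the IOCs entry, not part of the dictionary. All IOC
values and log lines are constructed for illustration: the addresses come
from the RFC 5737 documentation ranges, the domains are reserved example
names and the hash is computed over a made-up byte string.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed IOC set (not real indicators).
IOC_IPS = {"203.0.113.45", "198.51.100.7"}
IOC_DOMAINS = {"c2.example.net", "update.example.org"}
SAMPLE_MD5 = hashlib.md5(b"constructed-sample-binary").hexdigest()
IOC_MD5 = {SAMPLE_MD5}

# Token patterns for the three indicator kinds the entry lists.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b", re.IGNORECASE)


@dataclass
class Hit:
    line_no: int
    kind: str       # "ip", "domain" or "md5"
    value: str
    line: str


def extract_candidates(line):
    """Pull every IP-, domain- and MD5-looking token out of one log line."""
    ips = set(IPV4_RE.findall(line))
    # A dotted quad also matches the domain pattern's shape, so drop those.
    domains = {d.lower() for d in DOMAIN_RE.findall(line)} - ips
    hashes = {h.lower() for h in MD5_RE.findall(line)}
    return ips, domains, hashes


def match_iocs(lines, ips=IOC_IPS, domains=IOC_DOMAINS, md5s=IOC_MD5):
    """Return a Hit for every IOC found in the given log lines, in line order."""
    wanted_domains = {d.lower() for d in domains}
    wanted_md5s = {h.lower() for h in md5s}
    hits = []
    for n, line in enumerate(lines, start=1):
        line_ips, line_domains, line_hashes = extract_candidates(line)
        for v in sorted(line_ips & ips):
            hits.append(Hit(n, "ip", v, line))
        for v in sorted(line_domains & wanted_domains):
            hits.append(Hit(n, "domain", v, line))
        for v in sorted(line_hashes & wanted_md5s):
            hits.append(Hit(n, "md5", v, line))
    return hits


# Constructed log lines (proxy, DNS and antivirus style events), not a real capture.
SAMPLE_LOG = [
    "2024-01-05T10:00:01Z proxy src=10.0.0.12 dst=203.0.113.45 host=c2.example.net GET /beacon",
    "2024-01-05T10:00:02Z dns query=intranet.example.com answer=10.0.0.80",
    "2024-01-05T10:00:03Z av file=/tmp/upd.bin md5=" + SAMPLE_MD5 + " action=quarantine",
    "2024-01-05T10:00:04Z proxy src=10.0.0.12 dst=198.51.100.200 host=www.example.com GET /",
]

if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.kind}={hit.value}")
```

Note that 198.51.100.200 on the last line is not reported: IOC matching is exact, so a neighbouring address in the same block is only caught if the IOC is widened to a range.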
IOS (1) Internetwork Operating System.

IOS (2) Interorganizational System. Automates the flow of information between organizations to support
the planning, design, development, production, and delivery of products and services.

IP Address Spoofing IP address spoofing or IP spoofing is the creation of Internet Protocol (IP)
packets with a false source IP address, for the purpose of hiding the identity of the sender or impersonating
another computing system.


IP Address The IP address uniquely identifies a computer or other hardware device (such as a printer)
on the Internet. There are different types of IP addresses. Today, IPv4 addresses are most common, and look
like a set of four numbers, each between zero and 255, separated by periods (e.g., 192.168.0.5). IPv6 addresses
will become increasingly common. These look like a set of hexadecimal numbers separated into groups by
colons (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).


IP Authentication Header (AH) Protocol used to provide connectionless integrity and data origin
authentication for IP datagrams and to provide protection against replays. AH ensures data integrity with a
checksum that a message authentication code, such as MD5, generates. To ensure data origin authentication,
AH includes a secret shared key in the algorithm that it uses for authentication. To ensure replay protection,
AH uses a sequence number field within the IP authentication header.


IP Datagram The fundamental unit of information passed across the Internet. Contains
source and destination addresses, along with data and a number of fields that define such things as the length
of the datagram, the header checksum, and flags to say whether the datagram can be (or has been) fragmented.

IP Number Sometimes called a dotted quad. A unique number consisting of 4 parts separated by dots,
e.g. 165.113.245.2. Every machine that is on the Internet has a unique IP number; if a machine does not have an
IP number, it is not really on the Internet. Many machines (especially servers) also have one or more Domain
Names that are easier for people to remember.
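The IP Address and IP Number entries describe the two textual forms an address takes. As an added example (not from the dictionary), the Python below validates both forms by hand instead of through the standard-library ipaddress module, so each rule is visible: four decimal octets in 0-255 for IPv4, eight 16-bit hexadecimal groups with at most one "::" run for IPv6. The sample addresses are the entries' own plus constructed ones.

```python
"""Parse and validate IPv4 dotted-quad and IPv6 colon-hex addresses.

Added example for the IP Address / IP Number entries, not part of the
dictionary. The parser is deliberately hand-written so the rules the
entries state (four numbers 0-255; hex groups separated by colons) are
explicit; in production code the stdlib ipaddress module is the usual
choice. IPv4-mapped forms such as ::ffff:1.2.3.4 are not handled.
"""
import string


def parse_ipv4(text):
    """Return the address as a 32-bit int, or None if text is not a dotted quad."""
    parts = text.split(".")
    if len(parts) != 4:
        return None
    value = 0
    for part in parts:
        # 1-3 ASCII digits only: rejects "", "+1", " 1" and hex such as "0x1".
        if not (1 <= len(part) <= 3 and part.isascii() and part.isdigit()):
            return None
        # Leading zeros are rejected because some parsers read "010" as octal,
        # which would let one string denote two different hosts.
        if len(part) > 1 and part[0] == "0":
            return None
        octet = int(part)
        if octet > 255:
            return None
        value = (value << 8) | octet
    return value


def parse_ipv6(text):
    """Return the address as a 128-bit int, or None if text is not valid IPv6."""
    if text.count("::") > 1:
        return None                      # at most one compressed zero run
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            return None                  # "::" must stand for at least one group
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8:
        return None
    value = 0
    for group in groups:
        # 1-4 hex digits per group; an empty group means a stray ":" as in "1:::2".
        if not 1 <= len(group) <= 4 or not all(c in string.hexdigits for c in group):
            return None
        value = (value << 16) | int(group, 16)
    return value


def classify(text):
    """Return ("IPv4", int), ("IPv6", int) or (None, None) for the given text."""
    v4 = parse_ipv4(text)
    if v4 is not None:
        return "IPv4", v4
    v6 = parse_ipv6(text)
    if v6 is not None:
        return "IPv6", v6
    return None, None


def ipv6_to_text(value):
    """Render a 128-bit int as eight full four-digit groups (the entry's form)."""
    return ":".join(f"{(value >> (16 * (7 - i))) & 0xFFFF:04x}" for i in range(8))


if __name__ == "__main__":
    for sample in ("192.168.0.5", "165.113.245.2", "2001:db8:85a3::8a2e:370:7334", "1:::2"):
        kind, value = classify(sample)
        print(sample, "->", kind, value if value is None else hex(value))
```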


IP Spoofing IP Spoofing is a technique used to gain unauthorized access to computers or network devices,
whereby the intruder sends messages with an IP source address to pretend that the message is coming from a
trusted source.

IP Internet Protocol. Standard protocol for transmission of data from source to destinations in
packet-switched communications networks and interconnected systems of such networks.

IPA Independent Providers Association.

IPC Inter-process communication.

IPL Initial program load.

IPMP Intellectual Property Management and Protection. A refinement of digital rights management (DRM)
that refers specifically to MPEG’s.


IPS Intrusion Prevention System. A system designed to not only detect attacks, but also to
prevent the intended victim hosts from being affected by the attacks.

IPSec Internet Protocol Security. IPSec comprises the set of protocols that ensure secure exchange
of packets at the IP layer, where packets of information are exchanged according to the packet's header, or
address. IPSec is developed and maintained by the Internet Engineering Task Force (IETF), the organization
that upholds standards of information exchange on the Internet. IPSec employs public key encryption, where
the sender and receiver share a key, a process made possible by a protocol called Internet Security Association
and Key Management Protocol. This allows the receiver to obtain a public key and authenticate the sender
using digital certificates.


IPSec IP Security. A suite of protocols for securing Internet Protocol (IP) communications at the
network layer, layer 3 of the OSI model, by authenticating and/or encrypting each IP packet in a data stream.
IPSec also includes protocols for cryptographic key establishment.

IPv4 Internet Protocol, version 4. The most widely used version of the Internet Protocol (the
"IP" part of TCP/IP). IPv4 allows for a theoretical maximum of approximately four billion IP Numbers
(technically 2^32), but the actual number is far less due to inefficiencies in the way blocks of numbers are
handled by networks. The gradual adoption of IPv6 will solve this problem.

IPv6 Internet Protocol, version 6. The successor to IPv4. Already deployed in some cases and
gradually spreading, IPv6 provides a huge number of available IP Numbers, over a sextillion addresses
(theoretically 2^128). IPv6 allows every device on the planet to have its own IP Number.

IPX Internet packet exchange.

IPX/SPX Internetwork Packet Exchange/Sequenced Packet Exchange. IPX is the layer 3 (network) protocol of
the open systems interconnect (OSI) model; SPX is the layer 4 transport protocol. The SPX layer sits on top of
the IPX layer and provides connection-oriented services between two nodes on the network.


IR Internal Router. An internal router has all its interfaces belonging to the same area.

IRB (1) Institutional Review Board.

IRB (2) Integrated Routing and Bridging.

IRC Internet Relay Chat. A method of real-time Internet communication often used by criminals to buy and
sell purloined information such as credit card numbers and personal identity information. IRC chatrooms may
be open or private.

IRM Information Resources Management. The planning, budgeting, organizing, directing,
training, controlling, and management activities associated with the burden, collection, creation, use, and
dissemination of information by agencies.
IS Intermediate system. 


ISA Interconnection Security Agreement. An agreement established between the organizations
that own and operate connected IT systems to document the technical requirements of the interconnection.
The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations.
A document that regulates security-relevant aspects of an intended connection between an agency and an
external system. It regulates the security interface between any two systems operating under two different
distinct authorities. It includes a variety of descriptive, technical, procedural, and planning information. It is
usually preceded by a formal MOA/MOU that defines high-level roles and responsibilities in management of
a cross-domain connection.

ISAC/ISAO Information Sharing and Analysis Centers, a nonprofit org that provides a central resource
for gathering information on cyber threats to critical infrastructure and providing two-way sharing of
information between the public and private sector.

ISACA Information Systems Audit and Control Association.

ISAKMP Internet Security Association Key Management Protocol.

ISCM Monitoring Information Security Continuous Monitoring. Maintaining ongoing awareness of information
security, vulnerabilities, and threats to support organizational risk management decisions.


ISCM Process Information Security Continuous Monitoring Process. A process to define an ISCM
strategy; establish an ISCM program; implement an ISCM program; analyze data and report findings;
respond to findings; and review and update the ISCM strategy and program.

ISCM Program Information Security Continuous Monitoring Program. A program established to collect
information in accordance with pre-established metrics, utilizing information readily available in part through
implemented security controls.

ISCP Information System Contingency Plan. Management policy and procedures designed to
maintain or restore business operations, including computer operations, possibly at an alternate location, in the
event of emergencies, system failures, or disasters.


ISDN Integrated Services Digital Network. There are two forms of ISDN: PRI and BRI. The BRI
interface supports a total signaling rate of 144 kbps, which is divided up into two B or bearer channels, which
run at 64 kbps, and a D or data channel, which runs at 16 kbps. The bearer channels carry the actual voice,
video, or data information, and the D channel is used for signaling. PRI or primary rate interface provides the
same throughput as a T-1 (1.544 Mbps), has 23 B or bearer channels, which run at 64 kbps, and a D or data
channel, which runs at 16 kbps.


ISIS Intermediate System to Intermediate System (OSI standard routing protocol).

ISM Industrial, Scientific, and Manufacturing Frequencies. A term describing several frequencies in the
radio spectrum set aside for specific purposes.

ISO 17799 ISO 17799 gives general recommendations for information security management. It is
intended to provide a common international basis for developing organizational security standards and
effective security management practice and to provide confidence in interorganizational dealings.

ISO 9000 A certification program that demonstrates an organization adheres to steps that ensure
quality of goods and services. A quality series that comprises a set of five documents and was developed in
1987 by the International Standards Organization (ISO).

ISO International Standards Organization, International Organization for Standardization.

ISO/IEC 17799 Provides best practice recommendations on information security management for use by
those who are responsible for initiating, implementing or maintaining information security management
systems.


Isolation The separation of users and processes in a computer system from one another, as well as
from the protection controls of the operating system.

ISP Internet Service Provider. A company or organization that gives users and devices access to the Internet.

IS-Related Risk The probability that a particular threat agent will exploit, or trigger, a particular information
system vulnerability and the resulting mission/business impact if this should occur.
ISSA Information Systems Security Association. 


ISSE Information Systems Security Engineering. Process of capturing and refining information
protection requirements to ensure their integration into information systems acquisition and information
systems development through purposeful security design or configuration. Process that captures and refines
information security requirements and ensures their integration into information technology component
products and information systems through purposeful security design or configuration.

ISSEM Information Systems Security Equipment Modification. Modification of any fielded
hardware, firmware, software, or portion thereof, under NSA configuration control. There are three classes of
modifications: mandatory (to include human safety); optional/special mission modifications; and repair actions.
These classes apply to elements, subassemblies, equipment, systems, and software packages performing
functions such as key generation, key distribution, message encryption, decryption, authentication, or those
mechanisms necessary to satisfy security policy, labeling, identification, or accountability.


ISSM Information Systems Security Manager. Individual responsible for the information assurance of a
program, organization, system, or enclave.

ISSO Information System Security Officer. Individual with assigned responsibility for maintaining
the appropriate operational security posture for an information system or program. Individual assigned
responsibility by the senior agency information security officer, authorizing official, management official, or
information system owner for maintaining the appropriate operational security posture for an information
system or program. Individual assigned responsibility by the senior agency information security officer,
authorizing official, management official, or information system owner for ensuring that the appropriate
operational security posture is maintained for an information system or program.

ISSO Information Systems Security Officer.


IT governance The responsibility of executives and the board of directors; consists of the leadership,
organizational structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise's
strategies and objectives.

IT Infrastructure The hardware, software, and telecommunications equipment that when combined provides
the underlying foundation to support the organization’s goal.

IT Security Architecture A description of security principles and an overall approach for complying
with the principles that drive the system design; i.e., guidelines on the placement and implementation of
specific security services within various distributed computing environments.

IT Security Awareness and Training Program Explains proper rules of behavior for the use of agency
IT systems and information. The program communicates IT security policies and procedures that need to be
followed. Explains proper rules of behavior for the use of agency information systems and information. The
program communicates IT security policies and procedures that need to be followed.


IT Security Awareness The purpose of awareness presentations is simply to focus attention on
security. Awareness presentations are intended to allow individuals to recognize IT security concerns and
respond accordingly.

IT Security Basics A core set of generic IT security terms and concepts for all federal employees as a baseline
for further, role-based learning.

IT Security Education IT Security Education seeks to integrate all of the security skills and
competencies of the various functional specialties into a common body of knowledge, adds a multidisciplinary
study of concepts, issues, and principles (technological and social), and strives to produce IT security
specialists and professionals capable of vision and proactive response.

IT Security Investment An IT application or system that is solely devoted to security. For instance,
intrusion detection systems (IDS) and public key infrastructure (PKI) are examples of IT security investments.
IT Security Literacy The first solid step of the IT security training level where the knowledge
obtained through training can be directly related to the individual's role in his or her specific organization.

IT Security Metrics Metrics based on IT security performance goals and objectives.

IT Security Policy The “documentation of IT security decisions” in an organization.

IT Security Program Automated information system security program; computer security program;
information systems security program. A program established, implemented, and maintained to assure that
adequate IT security is provided for all organizational information collected, processed, transmitted, stored, or
disseminated in its information technology systems.


IT Security Training IT Security Training strives to produce relevant and needed security skills
and competencies by practitioners of functional specialties other than IT security (e.g., management, systems
design and development, acquisition, auditing). The most significant difference between training and awareness
is that training seeks to teach skills, which allow a person to perform a specific function, while awareness seeks
to focus an individual’s attention on an issue or set of issues. The skills acquired during training are built upon
the awareness foundation, in particular, upon the security basics and literacy material.

IT Security Technological discipline concerned with ensuring that IT systems perform as expected and
do nothing more; that information is provided adequate protection for confidentiality; that system, data and
software integrity is maintained; and that information and system resources are protected against unplanned
disruptions of processing that could seriously impact mission accomplishment.

IT System A collection of computing or communications components and other resources that support
one or more functional objectives of an organization. IT system resources include any IT component plus
associated manual procedures and physical facilities that are used in the acquisition, storage, manipulation,
display, or movement of data or to direct or monitor operating procedures. An IT system may consist of one
or more computers and their related resources of any size. The resources that comprise a system do not have to
be physically connected.

IT Information Technology. 

ITA Protection of the TSF, availability of exported TSF data. 

ITC (1) User data protection, import from outside TSF control; (2) protection of the TSF,
confidentiality of exported TSF data; (3) trusted path/channels, inter-TSF trusted channel.


Iterative Development Life Cycle A strategy for developing systems that allows for the controlled reworking
of parts of a system to remove mistakes or to make improvements based on feedback.

ITL Information Technology Laboratory.

IT-Related Risk The net mission/business impact considering 1) the likelihood that a particular threat
source will exploit, or trigger, a particular information system vulnerability, and 2) the resulting impact if this
should occur. IT-related risks arise from legal liability or mission/business loss due to, but not limited to:
unauthorized (malicious, non-malicious, or accidental) disclosure, modification, or destruction of information;
non-malicious errors and omissions; IT disruptions due to natural or man-made disasters; or failure to
exercise due care and diligence in the implementation and operation of the IT.


ITS Intelligent transportation systems. 
ITSEC Information Technology Security Evaluation Criteria.

ITT (1) User data protection, internal TOE transfer; (2) protection of the TSF, internal TOE TSF data
transfer.

ITU International Telecommunications Union. 

ITU-T ITU Telecommunication Standardization Sector. 

ITU-TSS Telecommunications Standardization Sector of the International Telecommunications
Union. A unit of the International Telecommunications Union (ITU) of the United Nations. An organization
with representatives from the post office, telegraph, and telecommunications agencies (PTTs) of the world.
ITU-TSS produces technical standards, known as recommendations, for all internationally controlled aspects
of analog and digital communications.


IV&V Independent Verification & Validation. A comprehensive review, analysis, and testing
(software and/or hardware) performed by an objective third party to confirm (i.e., verify) that the
requirements are correctly defined, and to confirm (i.e., validate) that the system correctly implements the
required functionality and security requirements.

IVA Independent Validation Authority. Entity that reviews the soundness of independent tests and system
compliance with all stated security controls and risk mitigation actions. IVAs will be designated by the
Authorizing Official as needed.

IVPN International Virtual Private Network. Virtual private networks that depend on services offered by
phone companies of various nationalities.


IW Information Warfare. Actions taken to achieve information superiority by affecting
adversary information, information-based processes, information systems, and computer-based networks while
defending one’s own information, information-based processes, information systems, and computer-based
networks.

Initialize Setting the state of a cryptographic logic prior to key generation, encryption, or other operating
mode.


JAD Joint Application Development. Occurs when knowledge workers and IT specialists meet, sometimes
for several days, to define or review the business requirements for the system.

Jail A restricted execution environment meant to compartmentalize a process, so that even if it
has security problems it cannot hurt resources which it would not normally have access to use. On FreeBSD, a
system call similar to chroot that provides compartmentalization. Unlike chroot, it can also restrict network
resources in addition to file system resources.

Jamming An attack in which a device is used to emit electromagnetic energy on a wireless network's
frequency to make it unusable. An attack that attempts to interfere with the reception of broadcast
communications.

Jargon Code A code that uses words (esp. nouns) instead of figure or letter-groups as the equivalent of
plain language units.


Java Security Specific security protocols are launched to protect programs using Java, a computer
programming language mostly used for the World Wide Web. Java programs, which can be downloaded from
a Web server and run on Java-compatible browsers, are run in a small, constrained area called a Sandbox. The
Sandbox contains a security system that checks and verifies all code coming into it. Java Security employs data
encryption, where keys are needed to encrypt and read data.

Java Java is a network-friendly programming language invented by Sun Microsystems. Java is
often used to build large, complex systems that involve several different computers interacting across networks,
for example transaction processing systems. Java is also used to create software with graphical user interfaces
such as editors, audio players, web browsers, etc. Java is also popular for creating programs that run in small
electronic devices, such as mobile telephones. Using small Java programs (called "Applets"), Web pages can
include functions such as animations, calculators, and other fancy tricks.


JavaScript JavaScript is a programming language that is mostly used in web pages, usually to add 
features that make the web page more interactive. When JavaScript is included in an HTML file it relies upon 
the browser to interpret the JavaScript. When JavaScript is combined with Cascading Style Sheets (CSS), and 
later versions of HTML (4.0 and later) the result is often called DHTML. 


JDK Java Development Kit, a software development package from Sun Microsystems that
implements the basic set of tools needed to write, test and debug Java applications and applets.

JIT Just in Time. An approach that produces or delivers a product or service just at the time the customer
wants it.


Jitter Attack A method of testing or defeating the robustness of a watermark. This attack applies “jitter”
to a cover by splitting the file into a large number of samples, then deletes or duplicates one of the samples and
puts the pieces back together. At this point the location of the embedded bytes cannot be found. This
technique is nearly imperceptible when used on audio and video files.


Job Accounting System A set of systems software that can track the services and resources used by computer
system account holders.

Job Function The roles and responsibilities specific to an individual, not a job title.

Job Queue A set of programs held in temporary storage and awaiting execution.

Job A complete set of programs to be executed in sequence on a computer.

Join An operation that takes two relations as operands and produces a new relation by concatenating
the tuples and matching the corresponding columns when a stated condition holds between the two.
Joint Authorization Security authorization involving multiple authorizing officials. 


Joint Photographic Experts Group It is most commonly mentioned as a format for image files. JPEG format
is preferred to the GIF format for photographic images as opposed to line art or simple logo art.

JPEG Joint Photographic Experts Group.

Judgment The ability to make a decision or form an opinion by discerning and evaluating.

Jukebox Hardware that houses, reads, and writes to many optical disks using a variety of mechanical methods
for operation.

Just-in-time manufacturing Manufacturing to meet an immediate requirement, not in surplus or in advance
of need.


KAK Key-Auto-Key. Cryptographic logic using previous key to produce key. 
KB A Kilobyte is 1,024 bytes.

KDC Key Distribution Center. COMSEC facility generating and distributing key in electronic form.

KEK Key-Encryption-Key. Key that encrypts or decrypts other key for transmission or storage.

Kerberos A widely used authentication protocol developed at the Massachusetts Institute of
Technology (MIT). In “classic” Kerberos, users share a secret password with a Key Distribution Center
(KDC). The user, Alice, who wishes to communicate with another user, Bob, authenticates to the KDC and is
furnished a “ticket” by the KDC to use to authenticate with Bob. When Kerberos authentication is based on
passwords, the protocol is known to be vulnerable to off-line dictionary attacks by eavesdroppers who capture
the initial user-to-KDC exchange. Longer password length and complexity provide some mitigation to this
vulnerability, although sufficiently long passwords tend to be cumbersome for users. A means of verifying the
identities of principals on an open network. It accomplishes this without relying on the authentication,
trustworthiness, or physical security of hosts while assuming all packets can be read, modified and inserted at
will. It uses a trust broker model and symmetric cryptography to provide authentication and authorization of
users and systems on the network.


Kerckhoffs Principle A cryptography principle that states if the method used to encipher data is 
known by an opponent then security must lie in the choice of the key. 

Kermit A (once) popular file transfer and terminal emulation program. 

Kernel Mode Used for execution of privileged instructions for the internal operation of the system. In 


kernel mode, there are no protections from errors or malicious activity and all parts of the system and memory 


are accessible. 


Key Agreement The process of two parties agreeing on a shared secret, where both parties contribute 


material to the key. 


Key Bundle The three cryptographic keys (Keyl, Key2, Key3) that are used with a Triple Data 
Encryption Algorithm (TDEA) mode. 


Key Escrow System A system that entrusts the two components comprising a cryptographic 


key (e.g., a device unique key) to two key component holders. 


Key Escrow A deposit of the private key of a subscriber and other pertinent information pursuant to an 
escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more 
agents to hold the subscriber's private key for the benefit of the subscriber, an employer, or other party, upon 
provisions set forth in the agreement; The processes of managing (e.g., generating, storing, transferring, 
auditing) the two components of a cryptographic key by two key component holders. (1) The processes of 
managing (e.g., generating, storing, transferring, auditing) the two components of a cryptographic key by two 
key component holders. (2) A key recovery technique for storing knowledge of a cryptographic key, or parts 
thereof, in the custody of one or more third parties called "escrow agents," so that the key can be recovered 


and used in specified circumstances. 


Key Establishment The process by which cryptographic keys are securely established among cryptographic modules using manual transport methods (e.g., key loaders), automated methods (e.g., key transport and/or key agreement protocols), or a combination of automated and manual methods (consists of key transport plus key agreement). The process by which cryptographic keys are securely established among cryptographic modules using key transport and/or key agreement procedures.

Key Exchange The process of exchanging public keys in order to establish secure communications. Process of exchanging public keys (and other information) in order to establish secure communications.

Key Expansion Routine used to generate a series of Round Keys from the Cipher Key.

Key Fingerprint The actual binary code of an encryption key, which is presented in hexadecimal notation.

Key Generation Material Random numbers, pseudo-random numbers, and cryptographic parameters used in generating cryptographic keys.

Key Generation The origination of a key or set of distinct keys.

Key Length The number of binary digits, or bits, in an encryption algorithm’s key. Key length is sometimes used to measure the relative strength of the encryption algorithm.

Key List Printed series of key settings for a specific cryptonet. Key lists may be produced in list, pad, or printed tape format.

Key Loader A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or key component that can be transferred, upon request, into a cryptographic module. A self-contained unit that is capable of storing at least one plaintext or encrypted cryptographic key or a component of a key that can be transferred, upon request, into a cryptographic module.

Key Management Device A unit that provides for secure electronic distribution of encryption keys to authorized users.

Key Management The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and zeroization.

Key Pair A public key and its corresponding private key. Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.

Key Recovery A process used to recover encrypted information that does not involve the storing of the key or any part of the key with a third party. Sometimes, important data needs to be recovered without normal access. The encryption key may have been lost accidentally, or an organization may need to audit its resources, or the data may be needed by law enforcement and other outside authorities. Key-recovery systems, like those proposed by the National Institute of Standards and Technology (NIST), rely on close cooperation between certification authorities and user communities that share a public-key infrastructure (PKI). These groups would need to share components of encryption keys that are stored at separate locations. Many organizations find key recovery a preferable process to key escrow. The US government recently relaxed controls on the export of strong encryption based upon the development of key recovery technology by the computer industry.

Key Resource A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.

Key Schedule In a block cipher, keys used for individual “rounds” of encryption, derived from the base key in a cipher-dependent manner.
Key Space The total number of possible values of keys in a cryptographic algorithm or other security measure such as a password. For example, a 20 bit key would have a key space of 1,048,576.

Key Stream Sequence of symbols (or their electrical or mechanical equivalents) produced in a machine or auto-manual cryptosystem to combine with plain text to produce cipher text, control transmission security processes, or produce key.

Key Tag Identification information associated with certain types of electronic key.

Key Tape Punched or magnetic tape containing key. Printed key in tape form is referred to as a key list.

Key Transport The secure transport of cryptographic keys from one cryptographic module to another module.

Key Updating Irreversible cryptographic process for modifying key.

Key Wrap A method of encrypting keying material (along with associated integrity information) that provides both confidentiality and integrity protection using a symmetric key algorithm.

Key A numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. It is a parameter used in conjunction with a cryptographic algorithm that determines its operation. In everyday language, a key is a password needed to encrypt and decrypt data. Encryption keys may be private or public. A private key is one to which only the user has access, while a public key may be published or distributed on request. Examples applicable to this Standard include: (1) The computation of a digital signature from data, and (2) The verification of a digital signature.


Key2audio A product of Sony designed to control the copying of CDs by embedding code within the CD that prevents playback on a PC or Mac, preventing track ripping or copying.

Keyboard Logger A virus or physical device that logs keystrokes to secretly capture private information such as passwords or credit card details.

Keyboard Computer Keyboard. In computing, a computer keyboard is a typewriter-style device which uses an arrangement of buttons or keys to act as a mechanical lever or electronic switch. Following the decline of punch cards and paper tape, interaction via teleprinter-style keyboards became the main input device for computers. A keyboard typically has characters engraved or printed on the keys (buttons) and each press of a key typically corresponds to a single written symbol. However, to produce some symbols requires pressing and holding several keys simultaneously or in sequence. While most keyboard keys produce letters, numbers or signs (characters), other keys or simultaneous key presses can produce actions or execute computer commands.

Keying Material Keying material is the key, code, or authentication information in physical, electronic, or magnetic form.

Keylogger Malware A program that records every key struck on a keyboard and sends that information to an attacker.

Keylogger A keylogger is a method of tracking the strokes on a keyboard without the knowledge of the user. This information is collected and used to access private accounts or collect personal information. Keyloggers can come in the form of software, hardware, or external monitoring such as acoustic analysis. It can be software or hardware that monitors and logs the keystrokes a user types into a computer. The keylogger may store the key sequences locally for later retrieval or send them to a remote location. A hardware keylogger can only be detected by physically inspecting the computer for unusual hardware.

Keystroke Logger Keylogger.

Keystroke Monitoring The process used to view or record both the keystrokes entered by a computer user and the computer’s response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails.

Key-to-Disk Device A keyboard unit that records data as patterns of magnetic spots onto magnetic disks.

Kinetic Attack Traditional mode of warfare in which arms are used to kill opponents and/or destroy an opponent's infrastructure. Usually used to distinguish it from a cyber attack, in which destruction of the opponent's resources is accomplished through targeted information system attacks without resorting to bullets, bombs or explosives.


KMI Key Management Infrastructure. All parts: computer hardware, firmware, software, and other equipment and its documentation; facilities that house the equipment and related functions; and companion standards, policies, procedures, and doctrine that form the system that manages and supports the ordering and delivery of cryptographic material and related information products and services to users.

KMI-Aware Device A user device that has a user identity for which the registration has significance across the entire KMI (i.e., the identity‘s registration data is maintained in a database at the PRSN level of the system, rather than only at an MGC) and for which a product can be generated and wrapped by a PSN for distribution to the specific device.

Knowledge Acquisition The component of the expert system that the knowledge engineer uses to enter the rules.

Knowledge Base The part of an expert system that contains specific information and facts about the expert area. Rules that the expert system uses to make decisions are derived from this source.

Knowledge Engineer The person who formulates the domain expertise of an expert system.

Knowledge Levels Verbs that describe actions an individual should be capable of performing on the job after completion of the training associated with the cell. The verbs are identified for three training levels: Beginning, Intermediate, and Advanced.

Knowledge Management In the NICE Workforce Framework, cybersecurity work where a person manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.

Knowledge Worker Knowledge workers are workers whose main capital is knowledge and who work with and produce information as a product. Examples include software engineers, physicians, pharmacists, architects, engineers, scientists, public accountants, lawyers, and academics, whose job is to "think for a living".

Knowledge Information from multiple sources integrated with common, environmental, real-world experience.

Knowledge-Based System An artificial intelligence system that applies reasoning capabilities to reach a conclusion.

Known-Cover Attack A type of attack where both the original, unaltered cover and the stego-object are available.

Known-Message Attack A type of attack where the hidden message is known to exist by the attacker and the stego-object is analyzed for patterns which may be beneficial in future attacks. This is a very difficult attack, equal in difficulty to a stego-only attack.

Known-Stego Attack An attack where the tool (algorithm) is known and the original cover object and stego-object are available.

KOA Agent A user identity that is designated by a KOA manager to access PRSN product delivery enclaves for the purpose of retrieving wrapped products that have been ordered for user devices that are assigned to that KOA.

KOA Manager The Management Role that is responsible for the operation of one or more KOAs (i.e., manages distribution of KMI products to the end cryptographic units, fill devices, and ADPs that are assigned to the manager's KOA).

KOA Registration Manager The individual responsible for performing activities related to registering KOAs.

KOA KMI Operating Account. A KMI business relationship that is established (1) to manage the set of user devices that are under the control of a specific KMI customer organization, and (2) to control the distribution of KMI products to those devices.

KPC KMI Protected Channel. A KMI Communication Channel that provides (1) Information Integrity Service; (2) either Data Origin Authentication Service or Peer Entity Authentication Service, as is appropriate to the mode of communications; and (3) optionally, Information Confidentiality Service.

KPK Key Production Key. Key used to initialize a keystream generator for the production of other electronically generated key.

KRI Key Risk Indicator. A subset of risk indicators that are highly relevant and possess a high probability of predicting or indicating important risk.
L2F Protocol Layer 2 Forwarding Protocol. Protocol that supports the creation of secure virtual private dial-up networks over the Internet.

Label A set of symbols used to identify or describe an item, record, message, or file.

Labeled Security Protections Access control protection features of a system that use security labels to make access control decisions.

Laboratory Attack Use of sophisticated signal recovery equipment in a laboratory environment to recover information from data storage media.

LAEA approach Listen, Acknowledge, Explain, Apologize.

LAN Switch High-speed switch that forwards packets between data-link segments. Most LAN switches forward traffic based on MAC addresses. This variety of LAN switch is sometimes called a frame switch. LAN switches are often categorized according to the method they use to forward traffic: cut-through packet switching or store-and-forward packet switching. Multi-layer switches are an intelligent subset of LAN switches. Compare with multi-layer switch.

LAN Local Area Network. A group of computers and associated devices that share a common communications line or wireless link. Typically, connected devices share the resources of a single processor or server within a small geographic area (for example, within an office building). Usually, the server has applications and data storage that are shared in common by multiple computer users; a computer network limited to the immediate area, usually the same building or floor of a building.

Language Processing The step of ASR in which the system attempts to analyze and make sense of the user’s verbal instructions by comparing the word phonemes generated in step 2 with a language model database.

Language Translator Systems software that converts programs written in assembler or a higher-level language into machine code.

LAPB Link Access Procedure Balanced.

LAPD Link Access Procedure on the D Channel.

LAPF Link Access Procedure for Frame-Mode Bearer Services.

Laser Printer An output unit that uses intensified light beams to form an image on an electrically charged drum and then transfers the image to paper.

Laser Light Amplification by Stimulated Emission of Radiation. Analog transmission device in which a suitable active material is excited by an external stimulus to produce a narrow beam of coherent light that can be modulated into pulses to carry data. Networks based on laser technology are sometimes run over SONET.

Last Mile Bottleneck Problem Occurs when information is traveling on the Internet over a very fast line for a certain distance and then comes near the user where it must travel over a slower line.

LAT Local area transport.

Latency (1) The time it takes a system or network to respond. More specifically, system latency is the time that a system takes to retrieve data. Network latency is the time it takes for a packet to travel from the source to the final destination. (2) The period during which a time bomb, logic bomb, virus or worm refrains from overt activity or damage (delivery of the payload). Long latency coupled with vigorous reproduction can result in severe consequences for infected or otherwise compromised systems.

Lawfare The use of international law to damage an opponent in a war without use of arms.

Lawful Authorization Permission granted to an LEA under certain conditions to intercept specified telecommunications and requiring cooperation from an NWO/AP/SyP. Typically, this refers to a warrant or order issued by a lawfully authorized body.

Laws and Regulations Federal, government-wide and organization-specific laws, regulations, policies, guidelines, standards, and procedures mandating requirements for the management and protection of information technology resources.
Laws of War The body of law that defines the legality of using armed force to resolve a conflict (jus ad bellum) and the laws that define the legality of the actual hostilities and related activities (jus in bello).

Layer 2 Switches Data link level devices that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based networks.

Layer 3 and 4 Switches Switches with operating capabilities at layer 3 and layer 4 of the open systems interconnect (OSI) model. These switches look at the incoming packet’s networking protocol, e.g., IP, and then compare the destination IP address to the list of addresses in their tables, to actively calculate the best way to send a packet to its destination.

Layer 3 Switching The layer 3 switching technology integrates routing with switching to yield very high routing throughput rates in the millions-of-packets-per-second range. The movement to layer 3 switching is designed to address the downsides of the current generation of layer 2 switches, which are functionally equivalent to bridges. These downsides for a large, flat network include being subject to broadcast storms, spanning tree loops, and address limitations that drove the injection of routers into bridged networks in the late 1980s. Currently, layer 3 switching is represented by a number of approaches in the industry.

Layer 4-7 switches Used for load balancing among groups of servers.

Layered Defense A combination of security services, software and hardware, infrastructures, and processes which are implemented to achieve a required level of protection. These mechanisms are additive in nature with the minimum protection being provided by the network and infrastructure layers.

Layered Socket Provider Layered Service Provider is a deprecated feature of the Microsoft Windows Winsock 2 Service Provider Interface (SPI). A Layered Service Provider is a DLL that uses Winsock APIs to attempt to insert itself into the TCP/IP protocol stack. Once in the stack, a Layered Service Provider can intercept and modify inbound and outbound Internet traffic. It allows processing of all the TCP/IP traffic taking place between the Internet and the applications that are accessing the Internet (such as a web browser, the email client, etc.).

LCN Logical Channel Number (X.25).

LCP Link Control Protocol (X.25).

LCR Least Cost Routing. The automatic selection of the most economically available route for each outgoing trunk call.

LDAP Lightweight Directory Access Protocol. LDAP is a set of protocols used for accessing information directories. It is a less comprehensive version of the standards within X.500, another standard definition of global directories. LDAP also supports Transmission Control Protocol/Internet Protocol (TCP/IP), the set of protocols necessary to connect hosts to the Internet. Although not yet widely used, LDAP has the potential to allow almost any application to run on any computer platform and obtain directory information, eventually leading the way to a global white pages.

LDAP Lightweight Directory Access Protocol. This protocol provides access for management and browser applications that provide read/write interactive access to the X.500 Directory.

LDN Local Dial Number (ISDN).

LEA Law Enforcement Agency. Organization authorized by a lawful authorization based on a national law to receive the results of telecommunications interceptions.
Learning Continuum A representation in which the common characteristic of learning is presented as a series of variations from awareness through training to education.

Learning Objective A link between the verbs from the “knowledge levels” section to the “Behavioral Outcomes” by providing examples of the activities an individual should be capable of doing after successful completion of training associated with the cell. Learning Objectives recognize that training must be provided at Beginning, Intermediate, and Advanced levels.

Learning Knowledge gained by study (in classes or through individual research and investigation).

Leased Circuit Communications link between two locations used exclusively by one organization. In modern communications, dedicated bandwidth on a shared link reserved for that user.

Leased Line Refers to a line such as a telephone line or fiber-optic cable that is rented for exclusive 24-hour, 7-days-a-week use from your location to another location. The highest speed data connections require a leased line.

Least Privilege The security objective of granting users only those accesses they need to perform their official duties. The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.

Least Recently Used (LRU) A replacement strategy in which new data must replace existing data in an area of storage; the least recently used items are replaced.

Least Significant Bit Steganography A substitution method of steganography where the right-most bit in a binary notation is replaced with a bit from the embedded message. This method provides “security through obscurity”, a technique which can be rendered useless if an attacker knows the technique is being used.
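The substitution the entry describes, as an added example that is not part of the dictionary: a pure-Python LSB embedder and extractor run over a constructed byte cover. The cover bytes, the 32-bit length header and the function names are this example's own choices, not anything the dictionary specifies. It also makes the entry's “security through obscurity” point concrete: no key is involved, so anyone who knows the method can run the extractor, and the only thing the embedding changes is the lowest bit of each touched byte.

```python
# Added example (not from the dictionary): least-significant-bit substitution
# steganography. Each cover byte's lowest bit is replaced with one bit of the
# payload. A constructed 32-bit big-endian length header precedes the message
# so the extractor knows where the hidden data ends.


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def lsb_embed(cover: bytes, message: bytes) -> bytes:
    """Return a copy of `cover` whose LSBs carry a length header plus `message`."""
    payload = len(message).to_bytes(4, "big") + message
    needed = len(payload) * 8  # one cover byte per payload bit
    if needed > len(cover):
        raise ValueError(f"cover too small: need {needed} bytes, have {len(cover)}")
    out = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        out[i] = (out[i] & 0xFE) | bit  # clear the LSB, then set it to the payload bit
    return bytes(out)


def lsb_extract(stego: bytes) -> bytes:
    """Recover the message from a stego-object produced by lsb_embed (no key needed)."""

    def read(n_bytes: int, offset: int) -> bytes:
        value = bytearray()
        for b in range(n_bytes):
            acc = 0
            for k in range(8):
                acc = (acc << 1) | (stego[offset + b * 8 + k] & 1)
            value.append(acc)
        return bytes(value)

    length = int.from_bytes(read(4, 0), "big")
    return read(length, 32)


def max_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference; LSB substitution changes any byte by at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: a deterministic pseudo-image of 512 sample bytes.
COVER = bytes((i * 37 + 11) % 256 for i in range(512))

if __name__ == "__main__":
    stego = lsb_embed(COVER, b"hidden text")
    print(lsb_extract(stego))        # b'hidden text'
    print(max_change(COVER, stego))  # 1
```

The per-byte change of at most one unit is why the method is imperceptible in image or audio samples, and also why it is no protection once the technique is known: the extractor above needs nothing but the stego-object.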


Least Trust The principle that a security architecture should be designed in a way that minimizes (1) the number of components that require trust, and (2) the extent to which each component is trusted.

Legacy Information System An operational IS that existed prior to the implementation of the DITSCAP.

Legacy system A previously built system using older technologies such as mainframe computers and programming languages such as COBOL.

Legacy System Outdated computer systems.

Legal Advice and Advocacy In the NICE Workforce Framework, cybersecurity work where a person provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain; advocates legal and policy changes and makes a case on behalf of a client via a wide range of written and oral work products, including legal briefs and proceedings.

LEMF Law Enforcement Monitoring Facility. Law enforcement facility designated as the transmission destination for the results of interception relating to a particular interception subject.

Length Extension Attack A class of attack on message authentication codes, where a tag can be forged without the key by extending a pre-existing message in a particular way. CBC-MAC in its simplest form has this problem, but variants protect against it (particularly OMAC).

Letter Bomb A Trojan horse that triggers when an e-mail message is read.
Level of Concern Rating assigned to an information system indicating the extent to which protection measures, techniques, and procedures must be applied. High, Medium, and Basic are identified levels of concern. A separate Level-of-Concern is assigned to each information system for confidentiality, integrity, and availability.

Level of Protection Extent to which protective measures, techniques, and procedures must be applied to information systems and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. Levels of protection are (1) Basic: information systems and networks requiring implementation of standard minimum security countermeasures. (2) Medium: information systems and networks requiring layering of additional safeguards above the standard minimum security countermeasures. (3) High: information systems and networks requiring the most stringent protection and rigorous security countermeasures.

Liability Condition of being or potentially being subject to an obligation; condition of being responsible for a possible or actual loss, penalty, evil, expense, or burden. Condition that creates a duty to perform an act immediately or in the future, including almost every character of hazard or responsibility, absolute, contingent, or likely.

Life-Cycle Process The multistep process that starts with the initiation, analysis, design, and implementation, and continues through the maintenance and disposal of the system.

Likelihood of Occurrence In Information Assurance risk analysis, a weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability.

Likelihood A component of risk, likelihood describes the chance that a risk will be realised and the negative impact will occur. It is typically described in general terms like "low," "medium," and "high". Sometimes an actual probability is possible (e.g., the probability of two documents producing the same CRC-16 is approximately 1 in 65536). The likelihood of a technical risk is often related to the likelihood of a vulnerability being successfully exploited. This likelihood is often influenced by factors like how accessible the vulnerability is, the degree to which special tools need to be used to be successful, the amount of specialised knowledge an attacker needs, and so on. Likelihood is combined with impact to produce a severity estimate for a risk.

Likert Scale An evaluation tool that is usually from one to five (one being very good; five being not good, or vice versa), designed to allow an evaluator to prioritize the results of the evaluation.

Limit Check An input control test that assesses the value of a data field to determine whether values fall within set limits.

Limited Maintenance COMSEC maintenance restricted to fault isolation, removal, and replacement of plug-in assemblies. Soldering or unsoldering usually is prohibited in limited maintenance.

Line Conditioning Elimination of unintentional signals or noise induced or conducted on a telecommunications or information system signal, power, control, indicator, or other external interface line.

Line of Business The following OMB-defined process areas common to virtually all federal agencies: Case Management, Financial Management, Grants Management, Human Resources Management, Federal Health Architecture, Information Systems Security, Budget Formulation and Execution, Geospatial, and IT Infrastructure. “Lines of business” or “areas of operation” describe the purpose of government in functional terms or describe the support functions that the government must conduct in order to effectively deliver services to citizens. Lines of business relating to the purpose of government and the mechanisms the government uses to achieve its purposes tend to be mission-based. Lines of business relating to support functions and resource management functions that are necessary to conduct government operations tend to be common to most agencies. The recommended information types provided in NIST SP 800-60 are established from the “business areas” and “lines of business” from OMB’s Business Reference Model (BRM) section of Federal Enterprise Architecture (FEA) Consolidated Reference Model Document Version 2.3.


Line Printer An output unit that prints alphanumeric characters one line at a time.

Line Speed The transmission rate of signals over a circuit, usually expressed in bits per second.

Linear Cryptanalysis A type of cryptanalytic attack where linear approximations of behavior are used. Modern ciphers of merit are designed in such a way as to thwart such attacks. Also note that such attacks generally require enough chosen plaintexts as to be considered unfeasible even when there is a cipher that theoretically falls prey to such a problem (such as DES).

Linear Feedback Shift Register A non-cryptographic class of pseudo-random number generators, where output is determined by shifting out "output" bits and shifting in "input" bits, where the input bits are a function of the internal state of the register, perhaps combined with new entropy. LFSRs are based on polynomial math, and are not secure in and of themselves; however, they can be put to good use as a component in more secure cryptosystems.
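An added example, not from the dictionary, of the register the entry describes: a 16-bit Fibonacci LFSR with feedback taken from the polynomial x^16 + x^14 + x^13 + x^11 + 1 (a commonly cited primitive polynomial, so the register cycles through all 65,535 non-zero states), plus a function that shows why the entry calls an LFSR non-cryptographic on its own: each output bit is simply the bit shifted out of the register, so the first 16 output bits are the seed itself and an observer who sees them can reconstruct the state and predict every later bit. The tap choice, the seed value and the function names are this example's assumptions.

```python
# Added example (not from the dictionary): a 16-bit Fibonacci LFSR and a
# demonstration that its output reveals its state. Taps are the exponents of
# x^16 + x^14 + x^13 + x^11 + 1; the constant term is implied.

TAPS = (16, 14, 13, 11)
WIDTH = 16


def lfsr_step(state: int) -> tuple[int, int]:
    """One clock: emit the low bit, shift right, feed the XOR of the tap bits in at the top.

    Returns (new_state, output_bit). The all-zero state is a fixed point, which is why
    a zero seed is rejected below.
    """
    out = state & 1
    feedback = 0
    for tap in TAPS:
        feedback ^= (state >> (WIDTH - tap)) & 1
    return (state >> 1) | (feedback << (WIDTH - 1)), out


def keystream(seed: int, n: int) -> list[int]:
    """Generate n output bits from a non-zero 16-bit seed."""
    if not 0 < seed < (1 << WIDTH):
        raise ValueError("seed must be a non-zero 16-bit value")
    state, bits = seed, []
    for _ in range(n):
        state, bit = lfsr_step(state)
        bits.append(bit)
    return bits


def period(seed: int) -> int:
    """Number of clocks until the register returns to `seed` (65535 for a primitive polynomial)."""
    state, _ = lfsr_step(seed)
    count = 1
    while state != seed:
        state, _ = lfsr_step(state)
        count += 1
    return count


def predict_from_output(observed: list[int], n_more: int) -> list[int]:
    """Reconstruct the seed from the first WIDTH output bits and predict the next n_more bits.

    Output bit i is bit i of the seed (low bit first), because each clock emits the
    low bit and shifts right; no secret remains once WIDTH bits have been seen.
    """
    if len(observed) < WIDTH:
        raise ValueError(f"need at least {WIDTH} observed bits")
    seed = 0
    for i, bit in enumerate(observed[:WIDTH]):
        seed |= bit << i
    return keystream(seed, WIDTH + n_more)[WIDTH:]


if __name__ == "__main__":
    # Constructed seed value; any non-zero 16-bit value behaves the same way.
    ks = keystream(0xACE1, 64)
    print(period(0xACE1))                                   # 65535
    print(predict_from_output(ks[:16], 48) == ks[16:])      # True
```

The full-period check is the property that makes LFSRs useful as a building block (long, uniform-looking sequences from a tiny state), and the prediction check is the property that rules them out as a cipher by themselves; real stream ciphers that use LFSRs add a non-linear filter or combiner precisely to break the direct link between output bits and register contents.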


Linguistic Steganography The method of steganography where a secret is embedded in a harmless message.

Link Encryption Link encryption encrypts all of the data along a communications path (e.g., a satellite link, telephone circuit, or T1 line). Since link encryption also encrypts routing data, communications nodes need to decrypt the data to continue routing; Encryption of information between nodes of a communications system.

Linkage The purposeful combination of data or information from one information system with that from another system in the hope of deriving additional information.

Linkjacking Linkjacking is a practice used to redirect one website's links to another. This is usually accomplished by submitting someone else's content to an aggregator website, which in turn drives traffic to the secondary site, rather than that of the original creator.

Linux An open source operating system that provides a rich operating environment for high-end workstations and network servers.

List Definition Table A description of a list by column.

List A collection of information arranged in columns and rows in which each column displays one particular type of information.

List-Oriented Information system protection in which each protected object has a list of all subjects authorized to access it.

Little endian Refers to machines representing words of data least significant byte first, such as the Intel x86.

LLC Logical Link Control. The portion of the link level protocol in the 802 standards that is in direct contact with higher-level layers.

LLD Low-level design (development).
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LMD/KP Local Management Device/ Key Processor. EKMS platform providing automated 
management of COMSEC material and generating key for designated users. 


LMDS Local Multipoint Distribution Services. A method of distributing TV signals to households 
in a local community. LMDS uses broadcast microwave signals to contact local dishes. The received signal is 


then distributed through the central CATV system. 
LMI Local Management Interface (Frame Relay). 


Load Sharing A multiple-computer system that shares the load during peak hours. During non-peak 


periods or standard operation, one system can handle the entire load with the others acting as fallback units. 


Local Access Access to an organizational information system by a user (or process acting on behalf of a 


user) communicating through a direct connection without the use of a network. 


Local Authority Organization responsible for generating and signing user certificates in a PKI-enabled 


environment. 


Local Code(s) A generic term for code values that are defined for a state or other political 
subdivision, or for a specific payer. This term is most commonly used to describe HCPCS Level II Codes, 
but also applies to state-assigned Institutional Revenue Codes, Condition Codes, Occurrence Codes, Value 
Codes, etc. 


Local Loop The physical connection from the subscriber’s premises to the carrier’s point of presence 


(POP). The local loop can be provided over any suitable transmission medium. 


Location Information Information relating to the geographical, physical, or logical location of an 


identity relating to an interception subject. 


Lock/ key Protection System A protection system that involves matching a key or a password with a 


specified access requirement. 


Log A file that is created automatically when certain predefined (often security-related) events 
occur within a computer system or network. Log data includes date/time stamp, description of the event, and 
information unique to that event. These files are useful for troubleshooting technical issues or a data breach 


investigation. 


Logged-on but Unattended A workstation is considered logged on but unattended when the user is (1) 
logged on but is not physically present in the office; and (2) There is no one else present with an appropriate 
level of clearance safeguarding access to the workstation. Coverage must be equivalent to that which would be 
required to safeguard hard copy information if the same employee were away from his or her desk. Users of 


logged on but unattended classified workstations are subject to the issuance of security violations. 
Logging The automatic recording of data for the purpose of accessing and updating it. 


Logic Bomb A software application or series of instructions that cause a system or network to shut down 


and/or to erase all data or software on the network. A logic bomb is a type of malware. 


Logical Access Controls The policies, procedures, organizational structure and electronic access 


controls designed to restrict access to computer software and data files. 


Logical Completeness Measure Means for assessing the effectiveness and degree to which a set of security 


and access control mechanisms meets security specifications. 
Logical Error A programming error that causes the wrong processing to take place in a syntactically valid 
program. 

Logical File Organization The sequencing of data records in a file according to their key. 

Logical Operation A comparison of data values within the arithmetic logic unit. These comparisons show 
when one value is greater than, equal to, or less than a second value. 

Logical Operator A symbol used in programming that initiates a comparison operation of two or more data 
values. 

Logical Organization Data elements organized in a manner that meets human and organizational processing 
needs. 

Logical Perimeter A conceptual perimeter that extends to all intended users of the system, both directly and 
indirectly connected, who receive output from the system without a reliable human review by an appropriate 
authority. The location of such a review is commonly referred to as an air gap. 

Logically Disconnect Although the physical connection between the control unit and a terminal remains 
intact, a system enforced disconnection prevents communication between the control unit and the terminal. 

LOINC Logical Observation Identifiers, Names and Codes. 

Long Title Descriptive title of a COMSEC item. 

Loop A repeating structure or process. 

Loophole An error of omission or oversight in software, hardware, or firmware that permits circumventing the 
access control process. 

LOS Line-of-Sight. Defined by the Fresnel Zone. Fresnel zone clearance is the minimum clearance over 
obstacles that the signal needs to be sent over. Reflection or path bending occurs if the clearance is not 
sufficient. 

Lost Pouch Any pouch-out-of-control which is not recovered. 

Low Impact The loss of confidentiality, integrity, or availability that could be expected to have a limited 
adverse effect on organizational operations, organizational assets, individuals, other organizations, or the 
national security interests of the United States; (i.e., 1) causes a degradation in mission capability to an extent 
and duration that the organization is able to perform its primary functions, but the effectiveness of the 
functions is noticeably reduced; 2) results in minor damage to organizational assets; 3) results in minor 
financial loss; or 4) results in minor harm to individuals). 

Low Probability of Detection Result of measures used to hide or disguise intentional electromagnetic 
transmissions. 

Low Probability of Intercept Result of measures to prevent the intercept of intentional electromagnetic 
transmissions. The objective is to minimize an adversary's capability of receiving, processing, or replaying an 
electronic signal. 

Low-Impact System An information system in which all three security objectives (i.e., confidentiality, 
integrity, and availability) are assigned a FIPS 199 potential impact value of low; An information system in 
which all three security properties (i.e., confidentiality, integrity, and availability) are assigned a potential 
impact value of low. 

LRA Local Registration Authority. A Registration Authority with responsibility for a local community. A 
Registration Authority with responsibility for a local community in a PKI-enabled environment. 

LSA Link-state advertisement. 

LSP (1) Layered Socket Provider. 

LSP (2) Link State Packet. 

LT Local termination. 

LTC Long-Term Care. 

LulzSec A splinter "hacktivist" group that branched off from Anonymous in May 2011 and shares similar 
social and political motivations. The two groups appear to have similar agendas and overlapping membership. 

M+CO Medicare Plus Choice Organization. 

MAC (1) Mandatory Access Control. A means of restricting access to system resources based on the sensitivity 
(as represented by a label) of the information contained in the system resource and the formal authorization 
(i.e., clearance) of users to access information of such sensitivity. 

MAC (2) Message Authentication Code. A cryptographic checksum on data that uses a symmetric key to 
detect both accidental and intentional modifications of the data. MACs provide authenticity and integrity 
protection, but not non-repudiation protection. 

MAC Address Standardized data-link layer address ingrained into a NIC that is required for every port or 
device that connects to a LAN. Other devices in the network use these addresses to locate specific ports in the 
network and to create and update routing tables and data structures. MAC addresses are 6 bytes long and are 
controlled by the IEEE. 

MAC Header Represents the hardware address of a network interface controller (NIC) inside a data packet. 

Mac OS The family of Macintosh operating systems developed by Apple Inc. includes the graphical user 
interface-based operating systems it has designed for use with its Macintosh series of personal computers since 
1984, as well as the related system software it once created for compatible third-party systems. 

Machine Language Computer instructions or code representing computer operations and memory addresses 
in a numeric form that is executable by the computer without translation. 

Machine Learning and Evolution A field concerned with designing and developing artificial intelligence 
algorithms for automated knowledge discovery and innovation by information systems. 

Macro Virus A macro virus is a computer virus written in the same macro language used for software 
applications like word processors. Its effect is to release a chain of events in conjunction with the application. 
Microsoft Word is an example of an application susceptible to macro viruses; this explains why it is a bad idea 
to open suspicious or unknown attachments even if they may appear legitimate. 
Madison Project A code name for IBM’s Electronic Music Management System (EMMS). EMMS is being 
designed to deliver piracy-proof music to consumers via the Internet. 

Magicgate A memory media stick from Sony designed to allow users access to copyrighted music or data. 

Magnetic Disk A storage device consisting of metallic platters coated with an oxide substance that allows data 
to be recorded as patterns of magnetic spots. 

Magnetic Remanence Magnetic representation of residual information remaining on a magnetic medium 
after the medium has been cleared. 

Magnetic Tape A storage medium consisting of a continuous strip of coated plastic film wound onto a reel and 
on which data can be recorded as defined patterns of magnetic spots. 

Mail Bomb Email bomb. In Internet usage, an email bomb is a form of net abuse consisting of sending huge 
volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the 
email address is hosted in a denial-of-service attack. 

Mail Gateway A machine that connects two or more e-mail systems (especially dissimilar mail systems on two 
different networks) and transfers messages between them. Sometimes the mapping and translation can be 
quite complex, and generally it requires a store-and-forward scheme whereby the message is received from one 
system completely before it is transmitted to the next system after suitable translations. 

Mail Relay Server An e-mail server that relays messages where neither the sender nor the receiver is a local 
user. A risk exists that an unauthorized user could hijack these open relays and use them to spoof their own 
identity. 

Mail Server Provides e-mail services and accounts. 

Mail-Bombing Sending large numbers of unwanted e-mail messages to a single recipient or to a group of such 
recipients. To be distinguished from spamming. Mail-bombing is a form of denial of service. 

Mailing List Discussion groups organized by area of interest. 

Mainframe Computer A computer designed to meet the computing needs of hundreds of people in a large 
business environment. 

Mainframe A large high-speed computer, especially one supporting numerous workstations or peripherals. 

Maintainability The general ease of a system to be maintained, at all levels of maintenance. 

Maintenance Hook Special instructions (trapdoors) in software allowing easy maintenance and additional 
feature development. Since maintenance hooks frequently allow entry into the code without the usual checks, 
they are a serious security risk if they are not removed prior to live implementation. 

Maintenance Key Key intended only for in-shop use. 

Maintenance Organization The government organization responsible for the maintenance of an IS. 
(Although the actual organization performing maintenance on a system may be a contractor, the maintenance 
organization is the government organization responsible for the maintenance.) 

Maintenance Phase Monitors and supports the new system to ensure it continues to meet the business goals. 

Maintenance Programmer An applications programmer responsible for making authorized changes to one or 
more computer programs and ensuring that the changes are tested, documented, and verified. 

Maintenance Tasks associated with the modification or enhancement of production software. 

Major Application An application that requires special attention to security due to the risk and magnitude of 
the harm resulting from the loss, misuse, or unauthorized access to, or modification of, the information in the 
application. A breach in a major application might comprise many individual application programs and 
hardware, software, and telecommunications components. Major applications can be either major software 
applications or a combination of hardware/software where the only purpose of the system is to support a 
specific mission-related function. 

Major Information System An information system that requires special management attention because of its 
importance to an agency mission; its high development, operating, or maintenance costs; or its significant role 
in the administration of agency programs, finances, property, or other resources. 

Malicious Applet A small application program that is automatically downloaded and executed and that 
performs an unauthorized function on an information system. 

Malicious Code Software or firmware intended to perform an unauthorized process that will have adverse 
impact on the confidentiality, integrity, or availability of an information system; a virus, worm, Trojan horse, 
or other code-based entity that infects a host. Spyware and some forms of adware are also examples of 
malicious code. 

Malicious Logic Hardware, firmware, or software that is intentionally included or inserted in a system to 
perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or 
availability of an information system. 

Malware Malicious Software. A program that is inserted into a system, usually covertly, with the intent of 
compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating 
system or of otherwise annoying or disrupting the victim. A virus, worm, Trojan horse, or other code-based 
malicious entity that successfully infects a host. 

MAN Metropolitan Area Network; Municipal Area Network. A network that covers a metropolitan area. 

Management Controls The security controls (i.e., safeguards or countermeasures) for an information system 
that focus on the management of risk and the management of information system security. Actions taken to 
manage the development, maintenance, and use of the system, including system-specific policies, procedures 
and rules of behavior, individual roles and responsibilities, individual accountability, and personnel security 
decisions. 

Management Security Controls The security controls (i.e., safeguards or countermeasures) for an 
information system that focus on the management of risk and the management of information systems security. 

Management System A set of processes used by an organisation to meet policies and objectives for that 
organisation. 

Mandatory Modification Change to a COMSEC end-item that NSA requires to be completed and reported 
by a specified date. 
Manipulative Communications Deception Alteration or simulation of friendly telecommunications for the 
purpose of deception. 

Manual Cryptosystem Cryptosystem in which the cryptographic processes are performed without the use of 
crypto-equipment or auto-manual devices. 

Manual Key Transport A non-automated means of transporting cryptographic keys by physically moving a 
device, document, or person containing or possessing the key or key component. 

Manual Remote Rekeying Cooperative remote rekeying. Procedure by which a distant crypto-equipment is 
rekeyed electronically, with specific actions required by the receiving terminal operator. 

MAP Manufacturing Automation Protocol. 

Maritime Strategy Naval objectives for sea control, maritime power projection, and control and protection of 
shipping. The Naval objectives in support of the National Strategy. 

Marketing Mix The set of marketing tools that a firm uses to pursue its marketing objectives in the target 
market. 

MASINT Measurement and Signature Intelligence, a technical branch of intelligence gathering, which serves 
to detect, track and identify or describe the signatures (distinctive characteristics) of fixed or dynamic target 
sources. This often includes radar, acoustic, nuclear, chemical and biological intelligence. 

Masking A computerized technique of blocking out the display of sensitive information, such as passwords, on 
a computer terminal or report. 

Masquerade A type of security threat that occurs when an entity successfully pretends to be a different entity. 

Masquerading A type of threat action whereby an unauthorized entity gains access to a system or performs a 
malicious act by illegitimately posing as an authorized entity. 

Mass Customization When a business gives its customers the opportunity to tailor its product or service to 
the customer's specifications. 

Master Boot Record virus 

Master Cryptographic Ignition Key Key device with electronic logic and circuits providing the capability for 
adding more operational CIKs to a keyset. 

Master File An automated file that contains semi-permanent or permanent information and is maintained 
over a time period required by organizational policy. 

Master Plan A long-range plan, derived from the notional architecture, for development and procurement of 
capabilities. 

Master Program In distributed denial-of-service (DDoS) attacks, a program that communicates with 
implanted zombie or slave programs on compromised systems. The master program usually transmits 
encrypted instructions to zombies with details of which targeted system to swamp with junk transmissions at 
exactly what time. 

Match/Matching The process of comparing biometric information against a previously stored template(s) 
and scoring the level of similarity. 

Matrix Display The alphanumeric representation of characters as patterns of tiny dots in specific positions on 
a display terminal. 

Matrix Printer A hard-copy printing device that forms alphanumeric characters with small pins arranged in a 
matrix of rows and columns. 

Mature System A fully operational system that performs all the functions it was designed to accomplish. 

Matyas-Meyer-Oseas A construction for turning a block cipher into a cryptographic one-way hash function. 

MAU Media Attachment Unit. 

Maximum Tolerable Downtime The amount of time mission/business processes can be disrupted without 
causing significant harm to the organization’s mission. 

MB Megabyte. A Megabyte is 1,048,576 bytes or 1,024 Kilobytes. 

MBS Mobile Base Stations. Component of cellular network that provides data link relay functions for a set 
of radio channels serving a cell. 

MCF The Modular Crypt Format, a de-facto data format standard for storing password hashes commonly 
used on UNIX boxes as a replacement for the traditional UNIX crypt() format. 

MCO Managed Care Organization. 

M-commerce Mobile e-commerce (m-commerce) is a term that describes online sales transactions that use 
wireless electronic devices such as hand-held computers, mobile phones or laptops. These wireless devices 
interact with computer networks that have the ability to conduct online merchandise purchases. Any type of 
cash exchange is referred to as an e-commerce transaction. Mobile e-commerce is just one of the many subsets 
of electronic commerce. 

MCS TOE access, limitation on multiple concurrent sessions. 

MD2 A cryptographic hash function optimized for 16-bit platforms. It has poor performance characteristics 
on other platforms and has a weak internal structure. 

MD4 A cryptographic hash function that is known to be broken and should not be used under any 
circumstances. 

MD5 Hash Value A mathematically generated string of 32 letters and digits that is unique for an 

MD5 A popular and fast cryptographic hash function that outputs 128-bit message digests. Its internal 
structure is known to be weak and should be avoided if at all possible. 

MD5-MCF A way of using MD5 to store password authentication information, using the modular crypt 
format. 

MDA Tools Multidimensional Analysis Tools. Slice and dice techniques that allow viewing multidimensional 
information from different perspectives. 

MDC2 A construction for turning a block cipher into a cryptographic hash function, where the output length 
is twice the block size of the cipher. 

MDM Master Data Management. A comprehensive method of enabling an enterprise to link all of its critical 
data to one file, called a master file, that provides a common point of reference. 

MD-Strengthening Merkle-Damgård strengthening, a general method for turning a collision-resistant 
compression function into a collision-resistant hash function by adding padding and an encoded length to the 
end of the input message. The key point behind MD-strengthening is that no possible input to the underlying 
hash function can be the tail end of a different input. 


MDx Message Digest (e.g., MD5). 

Mechanisms An assessment object that includes specific protection-related items (e.g., hardware, software, or 
firmware) employed within or at the boundary of an information system. 

Media Access Control Address A unique identifier assigned to network interfaces for communications on the 
physical network segment. 

Media Access Control Lower of the two sub-layers of the data-link layer defined by the IEEE. The MAC 
sub-layer handles access to shared media, such as whether token passing or contention will be used. A local 
network control protocol that governs station access to a shared transmission medium. Examples are token 
passing and CSMA. 

Media Sanitization A general term referring to the actions taken to render data written on media 
unrecoverable by both ordinary and extraordinary means. 

Media Consumer electronic devices that store or play digital files such as audio, images, video, documents, 
etc. Physical devices or writing surfaces including but not limited to magnetic tapes, optical disks, magnetic 
disks, Large Scale Integration (LSI) memory chips, and printouts (but not including display media) onto which 
information is recorded, stored, or printed within an information system. 

Mediation Function A mechanism that passes information between an NWO, an AP or an SvP, and a 
handover interface, and information between the internal network interface and the handover interface. 

Mediation Action by an arbiter that decides whether or not a subject or process is permitted to perform a 
given operation on a specified object. 

Meet-in-the-Middle Attack A theoretical attack against encrypting a message twice using a single block 
cipher and two different keys. For example, double encryption with DES theoretically is no more secure than 
DES, which is why Triple DES became popular (it gives twice the effective key strength). 

Meme An idea, behaviour or style that spreads from person to person within a culture. The word was 
originally coined by British evolutionary biologist Richard Dawkins in his book The Selfish Gene, but is most 
commonly associated with the internet occurrence of when a concept (especially via videos and images) 
spreads rapidly via social networking services and websites. 

Memory Address The location of a byte or word of storage in computer memory. 

Memory Bounds The limits in the range of storage addresses for a protected region in memory. 

Memory Chips A small integrated circuit chip with a semiconductor matrix used as computer memory. 

Memory Scavenging The collection of residual information from data storage. 

Xingan Li & Peilin Li 

Memory Stick A removable solid-state memory device. 

Memory The area in a computer that serves as temporary storage for programs and data during program 
execution. 

Menu A section of the computer program--usually the top-level module--that controls the order of execution 
of other program modules. Also, online options displayed to a user, prompting the user for specific input. 

Merchant Bank A bank or financial institution that processes credit and/or debit card payments on behalf of 
merchants. 

Message Address The information contained in the message header that indicates the destination of the 
message. 

Message Digest Algorithm Message digest algorithms are SHA1, MD2, MD4 and MD5. These algorithms 
are one-way functions unlike private and public key encryption algorithms. All digest algorithms take a 
message of arbitrary length and produce a 128-bit message digest. 

Message Digest A message digest is a fixed-size representation of a message, created by a keyless 
transformation function called a hash. A hash may condense a one-megabyte message into a 128- or 160-bit 
digest. To send a signed message, the message originator's computer generates a digest for the message, 
computes a digital signature as a function of the digest and the originator's private key, and transmits both 
message and signature. The recipient generates a digest for the received message, then uses the digest, the 
originator's public key, and the received signature to verify the originator's identity. Provided the original hash 
function is secure, signing a message digest provides the same security services as signing the message itself. 

Message Externals Information outside of the message text, such as the header, trailer, etc. 

Message Indicator Sequence of bits transmitted over a communications system for synchronizing 
cryptographic equipment. 

Message Integrity A message has integrity if it maintains the value it is supposed to maintain, as opposed to 
being modified on accident or as part of an attack. 

Message Stream The sequence of messages or parts of messages to be sent. 

Message (1) The data input by the user in the online environment that is used to drive a transaction. The 
output of a transaction. (2) In steganography, the data a sender wishes to remain confidential. This data can be 
text, still images, audio, video or anything that can be represented as a bitstream. 

Messaging Application An application based on a store and forward paradigm; it requires an appropriate 
security context to be bound with the message itself. 

Messaging Service An interactive service that offers user-to-user communication between individual users via 
storage units with store-and-forward, and mailbox or message handling functions (e.g., information editing, 
processing, and conversion). 

Messaging-Based Workflow System Sends work assignments through an e-mail system. 

Metadata The description of such things as the structure, content, keys, and indexes of data. 

Metalanguage A language used to specify other languages. 

Metatag A part of a Web site text not displayed to users but accessible to browsers and search engines for 
finding and categorizing Web sites. 

Method A function, capability, algorithm, formula, or process that an object is capable of performing. 

Methodology A mature set of processes applied to various stages of an application's lifecycle to help reduce 
the likelihood of security vulnerabilities' presence or exploitation. 

Metrics A metric is a standard unit of measure, such as meter or mile for length, or gram or ton for weight, 
or more generally, part of a system of parameters, or systems of measurement, or a set of ways of 
quantitatively and periodically measuring, assessing, controlling or selecting a person, process, event, or 
institution, along with the procedures to carry out measurements and the procedures for the interpretation of 
the assessment in the light of previous or comparable assessments. 

Metropolitan Area Network A data network intended to serve an area approximating that of a large city. 
Such networks are being implemented by innovative techniques, such as running fiber cables through subway 
tunnels. 

MGC Management Client. A configuration of a client node that enables a KMI external operational manager 
to manage KMI products and services by either (1) accessing a PRSN, or (2) exercising locally provided 
capabilities. An MGC consists of a client platform and an advanced key processor (AKP). 

MGMA Medical Group Management Association. 

MHS Message Handling System. The system of message user agents, message transfer agents, message stores, 
and access units that together provide OSI e-mail. MHS is specified in the ITU-TSS X.400 series of 
recommendations. 

MHz Megahertz. The number of millions of CPU cycles per second. 

MIPS Millions of Instructions Per Second. Used as a measure for assessing the speed of mainframe 
computers. Also, meaningless indicator of processor speed. 

MIB Management information base. 

MICR Magnetic Ink Character Recognition. An input method under which data is encoded in special ink 
containing iron particles. These particles can be magnetized and sensed by special machines and converted into 
computer input. 

Micro-Blog Online platforms that allow users to exchange small elements of content such as short sentences, 
individual images, or video links (e.g. Twitter). 

Microcomputer A small microprocessor-based computer built to handle input, output, processing, and storage 
functions. 

Microdot A detailed form of microfilm that has been reduced to an extremely small size for ease of transport 
and purposes of security. 

Microfilm A film for recording alphanumeric and graphics output that has been greatly reduced in size. 

Micro-Payment A technique to facilitate the exchange of small amounts of money for an Internet transaction. 

Microphone For capturing live sounds, such as human voice. 

Microprocessor A single small chip containing circuitry and components for arithmetic, logical, and control 
operations. 

Microsoft Security Essentials Microsoft Security Essentials (MSE) is an antivirus software (AV) product that 
provides protection against different types of malicious software such as computer viruses, spyware, rootkits 
and Trojan horses. Before version 4.5, MSE ran on Windows XP, Windows Vista and Windows 7, but not on 
Windows 8 and later, which have built-in AV components. Built upon the same virus definitions and scanning 
engine as other Microsoft antivirus products, MSE provides real-time protection, constantly monitoring 
activities on the computer and scanning new files as they are downloaded or created and disabling detected 
threats. It lacks the personal firewall of OneCare or the centralized management features of Forefront 
Endpoint Protection. 

Middleware The distributed software needed to support interactions between client and servers. 

MIDI Musical instrument digital interface. 

Miller-Rabin A primality test that is efficient because it is probabilistic, meaning that there is some chance it 
reports a composite (non-prime) number as a prime. There is a trade-off between efficiency and probability, 
but one can gain extremely high assurance without making unreasonable sacrifices in efficiency. 
MIME Multipurpose Internet Mail Extensions. 
Mimicking Spoofing. 


Min-Entropy A measure of the difficulty that an Attacker has to guess the most 


commonly chosen password used in a system. 


Miniature Fragment Attack Using this method, an attacker fragments the IP packet into smaller ones and pushes it through the firewall, in the hope that only the first of the sequence of fragmented packets would be examined and the others would pass without review.

Minicomputer Typically, a word-oriented computer whose memory size and processing speed falls between that of a microcomputer and a medium-sized computer.

Minimalist Cryptography Cryptography that can be implemented on devices with very limited memory and computing capabilities, such as RFID tags.

Minimum Level of Protection The reduction in the total risk that results from the impact of in-place safeguards.

Minimum Scope of Disclosure The principle that, to the extent practical, individually identifiable health information should only be disclosed to the extent needed to support the purpose of the disclosure.

Minimum Security Baseline Assessment An evaluation of controls protecting an information system against a set of minimum acceptable security requirements.

Minimum Security Baseline A set of minimum acceptable security controls, which are applicable to a range of information technology systems.

Minor Application An application, other than a major application, that requires attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Minor applications are typically included as part of a general support system.

Mirror Image Backup Mirror image backups involve the backup of all areas of a computer hard disk drive or another type of storage media (e.g., Zip disks, floppy disks, Jazz disks, etc.). Such mirror image backups exactly replicate all sectors on a given storage device. Thus, all files and ambient data storage areas are copied. Such backups are sometimes referred to as “evidence-grade” backups and they differ substantially from standard file backups and network server backups. The making of a mirror image backup is simple in theory, but the accuracy of the backup must meet evidence standards. Accuracy is essential and to guarantee accuracy, mirror image backup programs typically rely on mathematical CRC computations in the validation process. These mathematical validation processes compare the original source data with the restored data. When computer evidence is involved, accuracy is extremely important, and the making of a mirror image backup is typically described as the preservation of the “electronic crime scene.”

Mirror Generally speaking, "to mirror" is to maintain an exact copy of something. Probably the most common use of the term on the Internet refers to "mirror sites" which are web sites, or FTP sites that maintain copies of material originated at another location, usually in order to provide more widespread access to the resource. For example, one site might create a library of software, and 5 other sites might maintain mirrors of that library.

Mirrored Site An alternate site that contains the same information as the original. Mirrored sites are set up for backup and disaster recovery and to balance the traffic load for numerous download requests. Such download mirrors are often placed in different locations throughout the Internet.

MIS Management Information Systems. Deals with the planning, development, management, and use of information technology tools to help people perform tasks related to information processing and management.

Mishap Risk An expression of the possibility and impact of an unplanned event or series of events resulting in death, injury, occupational illness, damage to or loss of equipment or property (physical or cyber), or damage to the environment in terms of potential severity of consequences and likelihood of occurrence.

Misnamed Files A technique used to disguise a file’s content by changing the file's name to something innocuous or altering its extension to a different type of file, forcing the examiner to identify the files by file signature versus file extension.

MISPC Minimum interoperability specification of PKI components; a standard that specifies a minimal set of features, transactions, and data formats for the various certification management components that make up a PKI.

Mission Assurance Category A Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) term primarily used to determine the requirements for availability and integrity.

Mission Criticality The property that data, resources, and processes may have, which denotes that the importance of that item to the accomplishment of the mission is sufficient to be considered an enabling/disabling factor.

Mission Justification The description of the operational capabilities required to perform an assigned mission. This includes a description of a system’s capabilities, functions, interfaces, information processed, operational organizations supported, and the intended operational environment.

Mission A specific task with which a person, or group of individuals, or organization is entrusted to perform.

Mission/Business Segment Elements of organizations describing mission areas, common/shared business services, and organization-wide services. Mission/business segments can be identified with one or more information systems which collectively support a mission/business process.

Mistake An erroneous human action (accidental or intentional) that produces a fault condition.

Mitigation The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences. Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.

MitM Man-in-the-Middle Attack. An attack on the authentication protocol run in which the Attacker positions himself in between the Claimant and Verifier so that he can intercept and alter data traveling between them. A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association.

Mjuice An online music store that provides secure distribution of MP3s over the Internet. A secure player and a download system allow users to play songs an unlimited number of times, but only on a registered player.

MLP Multi-link PPP.

MLS Multilevel Security. Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.

MMDS Multichannel Multipoint Distribution Services. An FCC name for a service where multiple video channels are broadcast within a limited geographic area. Often called wireless cable.

MIME Multi-Purpose Internet Mail Extension. The standard for multimedia mail contents in the Internet suite of protocols.

MMP Multi-chassis Multi-link PPP.

MMS Multimedia Messaging Service.

MNWE Must not work function.

Mobile Code Technologies Software technologies that provide the mechanisms for the production and use of mobile code (e.g., Java, JavaScript, ActiveX, and VBScript).

Mobile Code Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient. A program (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics. Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient. Some examples of software technologies that provide the mechanisms for the production and use of mobile code include Java, JavaScript, ActiveX, VBScript, etc.

Mobile device A portable computing and communications device with information-storage capability. They are portable cartridge/disk-based, removable storage media (e.g., floppy disks, compact disks, USB flash drives, external hard drives, and other flash memory cards/drives that contain nonvolatile memory). Examples include notebook and laptop computers, cellular telephones and smart phones, tablets, digital cameras, and audio recording devices.

Mobile Payment Acceptance Using a mobile device to accept and process payment transactions. The mobile device is usually paired with a commercially available card-reader accessory.

Mobile Site The use of a mobile/temporary facility to serve as a business resumption location. The facility can usually be delivered to any site and can house information technology and staff.

Mobile Software Agent Programs that are goal-directed and capable of suspending their execution on one platform and moving to another platform where they resume execution.

Mobile Technologies Wireless devices that can be used for communication and connection to the internet.

Mode of Operation An algorithm for the cryptographic transformation of data that features a symmetric key block cipher algorithm. Description of the conditions under which an information system operates based on the sensitivity of information processed and the clearance levels, formal access approvals, and need-to-know of its users. Four modes of operation are authorized for processing or transmitting information: dedicated mode, system high mode, compartmented/partitioned mode, and multilevel mode.

Model management Component of a DSS that consists of the DSS models and the DSS model management system.

Model A model is a pattern, plan, representation (especially in miniature), or description designed to show the main object or workings of an object, system, or concept.

Modeling The activity of drawing a graphical representation of a design.

Modem (Modulator/Demodulator) Modulator/demodulator. This is a piece of hardware used to connect computers (or certain other network devices) together via a serial cable (usually a telephone line). When data is sent from your computer, the modem takes the digital data and converts it to an analog signal (the modulator portion). When you receive data into your computer via modem, the modem takes the analog signal and converts it to a digital signal that your computer will understand (the demodulator portion).

Moderate Impact The loss of confidentiality, integrity, or availability that could be expected to have a serious adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States (i.e., (1) causes a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (2) results in significant damage to organizational assets; (3) results in significant financial loss; or (4) results in significant harm to individuals that does not involve loss of life or serious life threatening injuries).

Moderate-Impact System An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of moderate and no security objective is assigned a FIPS 199 potential impact value of high. An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of moderate and no security objective is assigned a potential impact value of high.

Modification A type of security threat that occurs when its content is modified in an unanticipated manner by a non-authorized entity.

Modularity Modular packages consist of sets of equipment, people, and software tailorable for a wide range of missions.

Modulus In the context of public key cryptography, a value by which all other values are reduced. That is, if a number is bigger than the modulus, the value of the number is considered to be the same as if the number were the remainder after dividing the number by the modulus.

MOF Security management, management of functions in TSF.

Molecules The smallest particle of a substance that retains all the properties of the substance and is composed of one or more atoms.

Monitoring and Surveillance Agents Intelligent agents that observe and report on equipment.

Monitoring Policy Rules outlining or delineating the way in which information about the use of computers, networks, applications and information is captured and interpreted.

Monitoring Software Software products that allow parents to monitor or track the websites or email messages that a child visits or reads.

MOP Maintenance Operation Protocol.

Mosaic attack A watermarking attack that is particularly useful for images that are distributed over the Internet. It relies on a web browser's ability to assemble multiple images so they appear to be one image. A watermarked image can be broken into pieces but displayed as a single image by the browser. Any program trying to detect the watermark will look at each individual piece, and if they are small enough, will not be able to detect the watermark.

MOU Memorandum of Understanding.

MOU/A Memorandum of Understanding/Agreement. A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission. In this guide, an MOU/A defines the responsibilities of two or more organizations in establishing, operating, and securing a system interconnection. A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission, e.g., establishing, operating, and securing a system interconnection.

Mouse A hardware device used for moving a display screen cursor.

Mousetrapping A technique that prevents a user from escaping from an objectionable Web site. The result can be a never-ending stream of pop up Web sites, which clutter the screen and often cause panic and distress to the user.

Moving Target Defense The presentation of a dynamic attack surface, increasing an adversary’s work factor necessary to probe, attack, or maintain presence in a cyber target.

MP Multi-link Protocol.

MPEG Motion Picture Experts Group.

MPR Multi-protocol PC-based routing.

MR Medical Review.

MRRU Maximum Received Reconstructed Unit (PPP).

MRTI Machine-Readable Threat Intelligence. A capability that allows SIEM and other security controls to make operational security decisions based on information about the prevailing threat landscape. Security leaders should understand how MRTI operates, and how it can be used to mitigate threats.

MSA Security management, management of security attributes.

MSAU Multi-station Access Units (Token Ring).

MSC Mobile Switching Center. The location of the digital access and cross-connect system (DACS) in a cellular telephone network.

MSL Multiple Security Levels. Capability of an information system that is trusted to contain, and maintain separation between, resources (particularly stored data) of different security domains.

MSP Medicare Secondary Payer.

MSSP Managed Security Service Provider; outsourced network security services. Businesses turn to managed security services providers to alleviate the pressures they face daily related to information security such as targeted malware, customer data theft, skills shortages and resource constraints. Functions of a managed security service include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies.

MSU Vulnerability assessment, misuse.

MTA Message Transfer Agent. An OSI application process used to store and forward messages in the X.400 message handling system.

MTCR Modular Treated Conference Room. A second-generation design of the treated conference room (TCR), offering more flexibility in configuration and ease of assembly than the original TCR, designed to provide acoustic and RF emanations protection.

MTD Security management, management of TSF data.

M-trax An encrypted form of MP3 watermarking technology from MCY Music that protects the music industry and artists from copyright infringements.

MTSO Mobile Telephone Switching Office. Controls the entire operation of a cellular system. It is a sophisticated computer that monitors all cellular calls, arranges handoffs and manages billing information.

MTU Maximum transmission unit.

Multiaccess rights terminal A terminal that may be used by more than one class of users, for example, users with different access rights to data or files.

Multi-factor Authentication Method of authenticating a user when two or more factors are verified. These factors include something the user has (such as a smart card or dongle), something the user knows (such as a password, passphrase, or PIN) or something the user is or does (such as fingerprints, other forms of biometrics, etc.).

Multifunction Printer Scans, copies, and faxes as well as prints.

Multi-Hop Problem The security risks resulting from a mobile software agent visiting several platforms.

Multilevel Device Equipment trusted to properly maintain and separate data of different security domains.

Multilevel Mode INFOSEC mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: (1) some users do not have a valid security clearance for all the information processed in the IS; (2) all users have the proper security clearance and appropriate formal access approval for that information to which they have access; and (3) all users have a valid need-to-know only for information for which they have access.

Multi-Level Secure A class of systems containing information with different sensitivities that simultaneously permits access by users with different security clearances and needs-to-know, but prevents users from obtaining access to information for which they lack authorization.

Multimedia Information presented in more than one format, such as text, audio, video, graphics, and images.

Multinational Operations A collective term to describe military actions conducted by forces of two or more nations usually undertaken within the structure of a coalition or alliance.

Multiple Inheritance The language mechanism that allows the definition of a class to include the attributes and methods defined for more than one superclass.

Multiplexing To transmit two or more signals over a single channel.

Multiprocessing A computer operating method in which two or more processors are linked and execute multiple programs simultaneously.

Multi-Releasable A characteristic of an information domain where access control mechanisms enforce policy-based release of information to authorized users within the information domain.

Multitasking Allows the user to work with more than one piece of software at a time.

MUSE Project An initiative which contributes to the continuing development of intellectual property standards. The MUSE project focuses on the electronic delivery of media, embedded signaling systems, and encryption technology with the goal of creating a global standard.

Must Not Work Function Sequences of events or commands that are prohibited because they would result in a system hazard.

Must Work Function Software that if not performed or performed incorrectly, inadvertently, or out of sequence could result in a hazard or allow a hazardous condition to exist. This includes (1) software that directly exercises command and control over potentially hazardous functions or hardware; (2) software that monitors critical hardware components; and (3) software that monitors the system for possible critical conditions or states.

Mutation The process within a genetic algorithm of randomly trying combinations and evaluating the success or failure of the outcome.

Mutual Authentication This occurs when parties at both ends of a communication activity authenticate each other; the process of both entities involved in a transaction verifying each other.

Mutually Suspicious Pertaining to a state that exists between interactive processes (systems or programs), each of which contains sensitive data and is assumed to be designed to extract data from the other and to protect its own data.

MW Multi-Channel Interface Processor.

MWEF Must Work Function.

NAC Network Access Control. A feature provided by some firewalls that allows access based on a user’s credentials and the results of health checks performed on the telework client device.

NAK Attack A penetration technique that capitalizes on an operating system’s inability to properly handle asynchronous interrupts.

NAK Negative Acknowledgment. A response sent by the receiver to indicate that the previous block was unacceptable and the receiver is ready to accept a retransmission.

NAK Negative acknowledgment. Response sent from a receiving device to a sending device indicating that the information received contained errors. Compare with acknowledgment.

Name Binding Protocol Name Binding Protocol was a dynamic, distributed system for managing AppleTalk names. When a service started up on a machine, it registered a name for itself as chosen by a human administrator. At this point, NBP provided a system for checking that no other machine had already registered the same name. Later, when a client wanted to access that service, it used NBP to query machines to find that service. NBP provided browseability ("what are the names of all the services available") as well as the ability to find a service with a particular name. Names were human readable, containing spaces, upper and lower case letters, and including support for searching.

Name Resolution The process of mapping a name into the corresponding address.

Naming Attributes Names carried by each instance of an object, such as name, or identification number.

Naming Authority An organizational entity responsible for assigning distinguished names (DNs) and for assuring that each DN is meaningful and unique within its domain.

NAP Network Access Point. Points at which Internet Service Providers (ISPs) connect with other ISP networks, allowing internet traffic to flow between the two ISP networks.

NAT Network Address Translation. A methodology of modifying network address information in IP datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another.

National Cybersecurity Strategy A comprehensive policy to secure America’s digital infrastructure as part of the Administrative Branch's Comprehensive National Cybersecurity Initiative. The goals of the policy are to establish a front line of defense against current immediate threats; to defend against threats by enhancing U.S. counterintelligence capabilities; and to strengthen the future cybersecurity environment by expanding cyber education and redirecting research and development efforts to define and develop strategies to deter hostile or malicious activity in cyberspace.

National Provider Registry The organization envisioned for assigning National Provider IDs.

National Security Information Information that has been determined pursuant to Executive Order 12958 as amended by Executive Order 13292, or any predecessor order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status.

National Security System Any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency (1) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (2) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. Any information system (including any telecommunications system) used or operated by an agency or by a contractor of any agency, or other organization on behalf of an agency, the function, operation, or use of which I. involves intelligence activities; II. involves cryptologic activities related to national security; III. involves command and control of military forces; IV. involves equipment that is an integral part of a weapon or weapon system; or V. subject to subparagraph (B), is critical to the direct fulfillment of military or intelligence missions; or is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. Subparagraph (B) does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications). (Title 44 U.S. Code Section 3542, Federal Information Security Management Act of 2002.)

National Security Broadly refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy.

National strategy Objectives of the nation for dealing in the arena of international politics, military confrontation, and national defense.

National Vulnerability Database (NVD) The U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g., FISMA).

Natural Language A language that is used in communication with computers and that closely resembles English syntax.

NAUN Nearest active upstream neighbor.

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nba Network Behavioral Analysis. Is an intrusion detection system that models network traffic 
and alerts on violations of known acceptable activity. Rules can include data volume, time of day, traffic rate, 


communication partners, content, and other elements. 














NBMA Nonbroadcast multi access. 

NBP Name Binding Protocol. 

NCP Network Control Protocol. 

NCQA The National Committee for Quality Assurance. 

NCSC National Computer Security Center. Originally named the DoD Computer Security Center, 


the NCSC is responsible for encouraging the widespread availability of trusted computer systems throughout 
the federal government. With the signing of NSDD-145; the NCSC is responsible for encouraging the 


widespread availability of trusted computer systems throughout the federal government. 
NCSC National Computer Security Center; part of the U.S. Department of Defense. 


NDI Nondevelopmental Item. Any item that is available in the commercial marketplace; any 
previously developed item that is in use by a Department or Agency of the United States, a state or local 


NDIS Network Driver Interface Specification. 


Near-Collision Resistance Given a plaintext value and the corresponding hash value, it should be 


computationally unfeasible to find a second plaintext value that gives the same hash value. 


Need To Know Determination Decision made by an authorized holder of official information that a 


prospective recipient requires access to specific official information to carry out official duties. 





Needs Assessment (IT Security Awareness and Training) A process that can be used to 
determine an organization’s awareness and training needs. The results of a needs assessment can provide 
justification to convince management to allocate adequate resources to meet the identified awareness and 


training needs. 


Need-to-Know A method of isolating information resources based on a user’s need to have access to that 
resource in order to perform their job but no more; for example, a personnel officer needs access to sensitive 
personnel records and a marketing manager needs access to sensitive marketing information but not vice versa. 
The terms “need-to-know” and “least privilege” express the same idea. Need-to-know is generally applied to 


people, while least privilege is generally applied to processes. 





Negligence Failure to use such care as a reasonably prudent and careful person would use under similar circumstances; the doing of some act which a person of ordinary prudence would not have done under similar circumstances, or failure to do what a person of ordinary prudence would have done under similar circumstances; conduct that falls below the norm for the protection of others against unreasonable risk of harm. It is characterized by inadvertence, thoughtlessness, inattention, recklessness, etc.


NetBIOS Network Basic Input/Output System. A program that allows applications on different computers to communicate within a local area network (LAN).


Net-Centric Architecture A complex system of systems composed of subsystems and services that are part of a continuously evolving, complex community of people, devices, information and services interconnected by a network that enhances information sharing and collaboration. Subsystems and services may or may not be developed or owned by the same entity, and, in general, will not be continually present during the full life cycle of the system of systems. Examples of this architecture include service-oriented architectures and cloud computing architectures.


Netiquette Netiquette or 'network etiquette' is a set of social conventions that facilitate interaction over networks, ranging from mailing lists to blogs and a wide range of online forums.


Netizen Derived from the term citizen, referring to a citizen of the Internet, or someone who uses networked resources. The term connotes civic responsibility and participation.


Netscape A WWW Browser and the name of a company. The Netscape (tm) browser was originally 
based on the Mosaic program developed at the National Center for Supercomputing Applications (NCSA). 


Network Access Layer The layer of the TCP/IP stack that sends the message out through the physical network onto the Internet.


Network Access Access to an organizational information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet).


Network Activity Baseline A base for determining typical utilization patterns so that significant deviations can be detected.








Network Address The network portion of an IP address. For a class A network, the network address is the first 
byte of the IP address. For a class B network, the network address is the first two bytes of the IP address. For a 
class C network, the network address is the first three bytes of the IP address. In the Internet, assigned network 
addresses are globally unique. 
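The classful rule in the entry above, as an added example that is not part of the dictionary: the class is read from the leading bits of the first octet and the network portion is the first one, two or three bytes. Class D and E addresses, which the entry does not cover, are reported without a network portion.

```python
"""Classful IPv4 network-address extraction (added example, not from the dictionary)."""
import ipaddress

# Prefix length of the network portion for the three classful unicast classes.
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(ip: str) -> str:
    """Class letter from the leading bits of the first octet: 0=A, 10=B, 110=C, 1110=D, else E."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    if first_octet < 240:
        return "D"
    return "E"


def network_address(ip: str):
    """Return (class, network address as dotted quad, host number) for a classful address.

    For class D (multicast) and class E (reserved) there is no classful
    network/host split, so (class, None, None) is returned.
    """
    cls = address_class(ip)
    prefix = CLASS_PREFIX.get(cls)
    if prefix is None:
        return cls, None, None
    # strict=False lets us pass a host address and have the host bits masked off.
    net = ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)
    host_number = int(ipaddress.IPv4Address(ip)) & int(net.hostmask)
    return cls, str(net.network_address), host_number


def same_classful_network(ip_a: str, ip_b: str) -> bool:
    """True when both addresses share the same classful network address."""
    cls_a, net_a, _ = network_address(ip_a)
    cls_b, net_b, _ = network_address(ip_b)
    return net_a is not None and cls_a == cls_b and net_a == net_b


if __name__ == "__main__":
    # Constructed sample addresses, one per class discussed in the entry.
    for sample in ("10.1.2.3", "172.16.5.6", "192.168.1.77", "224.0.0.1"):
        print(sample, "->", network_address(sample))
```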


Network Administrator An individual responsible for the installation, management, and control of a network.


Network Centric A holistic view of interconnected information systems and resources that encourages a broader approach to security management than a component-based approach.


Network Diagram A description of any kind of locality in terms of its physical layout. In the context of communication networks, a topology describes pictorially the configuration or arrangement of a network, including its nodes and connecting communication lines.


Network Element A component of the network structure such as a local exchange, higher-order switch, or service-control processor.

Network Firewall Device that controls traffic to and from a network.


Network Front-End Device implementing protocols that allow attachment of a computer system to a network.


Network Hub A device that connects multiple computers into a network. 








Network Interface Card This is the card that the network cable plugs into in the back of your computer system. The NIC connects your computer to the network. A host must have at least one NIC; however, it can have more than one. Every NIC is assigned a MAC address.
Network Layer The OSI layer that is responsible for routing, switching, and subnetwork access across the entire OSI environment. Think of this layer as a post office that delivers letters based on the address written on an envelope.


Network Manager Provides a package of end-user functions with the responsibility for the management of a network, mainly as supported by the EMs, but it may also involve direct access to the network elements. All communication with the network is based on open and well-standardized interfaces supporting management of multivendor and multi-technology network elements.


Network Propagation System Analysis A way of determining the speed and method of stego-object (or virus) movement throughout a network.


Network Resilience A computing infrastructure that provides continuous business operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged), rapid recovery if failure does occur, and the ability to scale to meet rapid or unpredictable demands.

Network Security Officer Information Systems Security Officer.

Network Security Information Assurance.


Network segmentation A common technique to implement network security is to segment an organization's network into separate zones that can be separately controlled, monitored and protected.








Network Services In the NICE Workforce Framework, cybersecurity work where a person installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.


Network Sink A router that drops or misroutes packets, accidentally or on purpose. Intelligent network sinks can cooperate to conceal evidence of packet dropping.


Network Sniffing A passive technique that monitors network communication, decodes protocols, and examines headers and payloads for information of interest. It is both a review technique and a target identification and analysis technique.


Network Sponsor Individual or organization responsible for stating the security policy enforced by the network, designing the network security architecture to properly enforce that policy, and ensuring that the network is implemented in such a way that the policy is enforced.


Network System System implemented with a collection of interconnected components. A network system is based on a coherent security architecture and design.


Network Traffic Analysis Identifies patterns in network communications. Traffic analysis does not need to have the actual content of the communication but analyzes where traffic is taking place, when and for how long communications occur, and the size of information transferred.


Network Weaving Penetration technique in which different communication networks are linked to access an information system to avoid detection and trace back.

Network Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.


Newb/n00b/Newbie Someone who is new to, and inexperienced with, an Internet site or technology.

Newsgroups Usually discussions, but not "interactively live." Newsgroups are like posting a message on a bulletin board and checking at various times to see if someone has responded to your posting.


Newspaper Code A hidden communication technique where small holes are poked just above the letters in a newspaper article that will spell out a secret message. A variant of this technique is to use invisible ink in place of holes.


NFC Near Field Communication. A form of short-range wireless communication where the antenna used is much smaller than the wavelength of the carrier signal. Although the communication range of NFC is limited to a few centimeters, NFC alone does not ensure secure communications; NFC exchanges are susceptible to relay attacks.


NFS Network File System. A distributed file system developed by Sun Microsystems which allows a set of computers to cooperatively access each other's files in a transparent manner.





NGFW Next Generation Firewall is an integrated network platform that combines a traditional firewall with other network device filtering functionalities such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS) and/or other techniques such as SSL and SSH interception, website filtering, QoS/bandwidth management, antivirus inspection and third-party integration (i.e., Active Directory). Gartner defines an NGFW as "a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks."


NGIPS Next Generation Intrusion Prevention System, offers protection against advanced and evasive targeted attacks with high accuracy. Usually using a combination of technologies such as deep packet inspection, threat reputation, and advanced malware analysis, it provides enterprises with a proactive approach to security.

NIACAP National Information Assurance Certification and Accreditation Process.


NIAP National Information Assurance Partnership. A U.S. government initiative established to promote the use of evaluated information systems products and champion the development and use of national and international standards for information technology security. NIAP was originally established as a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in fulfilling their respective responsibilities under P.L. 100-235 (Computer Security Act of 1987). NIST officially withdrew from the partnership in 2007 but NSA continues to manage and operate the program. The key operational component of NIAP is the Common Criteria Evaluation and Validation Scheme (CCEVS) which is the only U.S. government-sponsored and endorsed program for conducting internationally recognized security evaluations of commercial off-the-shelf (COTS) Information Assurance (IA) and IA-enabled information technology products. NIAP employs the CCEVS to provide government oversight or "validation" to U.S. CC evaluations to ensure correct conformance to the International Common Criteria for IT Security Evaluation (ISO/IEC 15408).

Nibble A Nibble is 4 bits.
NIC (1) Network Interface Card. A communication card that when inserted into a computer, allows it to communicate with other computers on a network. Most NICs are designed for a particular type of network or protocol.


NIC (2) Network Information Center. Originally, there was only one, located at SRI International and tasked to serve the ARPANET (and later DDN) community. Today, there are many NICs, operated by local, regional, and national networks all over the world. Such centers provide user assistance, document service, training, and much more.

NIDS Network Intrusion Detection System.


NII National Information Infrastructure. Nationwide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. It includes both public and private networks, the Internet, the public switched network, and cable, wireless, and satellite communications.

NIPC U.S. National Infrastructure Protection Center.


NIPRNET Non-classified Internet Protocol Router Network; the unclassified network of the US Department of Defense which provides Internet access as well as interconnectivity to DoD users and facilities.


NIPS Network Intrusion Prevention System, examines network traffic flows to detect and prevent vulnerability exploits. Following a successful exploit, the attacker can disable the target application (resulting in a denial-of-service state), or can potentially gain access to all the rights and permissions available to the compromised application.


NIST National Institute of Standards and Technology. An agency of the U.S. Department of Commerce that works to develop and apply technology, measurements, and standards; developed a voluntary cybersecurity framework based on existing standards, guidelines, and practices for reducing cyber risks to critical infrastructures.


NIST The National Institute of Standards and Technology is a division of the U.S. Department of 
Commerce. NIST issues standards and guidelines, with the hope that they will be adopted by the computing 
community. 

NLPID Network Level Protocol Identifier. 

NLSP NetWare Link Service Protocol. 

NLZ No-Lone Zone. Area, room, or space that, when staffed, must be occupied by two or more appropriately cleared individuals who remain within sight of each other.


NNI Network to Network Interface (ATM, Frame Relay). 














NNTP Network News Transfer Protocol. Used for the distribution, inquiry, retrieval, and posting of Netnews articles using a reliable stream-based mechanism. For news-reading clients, NNTP enables retrieval of news articles that are stored in a central database, giving subscribers the ability to select only those articles they wish to read.


Node A point of connection into a network. In multipoint networks, is a unit that is polled. In 
LANs, it is a device on the ring. In packet switched networks, it is one of the many packet switches that form 
the network’s backbone. 
NOI Notice of Intent. A document that describes a subject area for which the federal government is considering developing regulations. It may describe the presumably relevant considerations and invite comments from interested parties. These comments can then be used in developing an NPRM or a final regulation.


Noise Random electrical signals introduced by circuit components or natural disturbances that tend to degrade the performance of a communications channel.


Nonce A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols generally must not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable. A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing the transmittal of live data rather than replayed data, thus detecting and protecting against replay attacks.
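The challenge-response use of a nonce described above, as an added example that is not part of the dictionary: the verifier issues a nonce (either random or a plain counter, since a nonce need not be unpredictable), the claimant answers with an HMAC over it under a shared key, and the verifier refuses any nonce it has already consumed under that key until the key is changed. The shared key, the HMAC-SHA-256 response and the message framing are assumptions made for this illustration.

```python
"""Nonce-based challenge-response with replay rejection (added example, not from the dictionary)."""
import hashlib
import hmac
import secrets


def respond(key: bytes, nonce: bytes) -> bytes:
    """Claimant side: prove possession of the shared key for this specific challenge."""
    # Domain-separation prefix is an assumption of this example.
    return hmac.new(key, b"auth-challenge:" + nonce, hashlib.sha256).digest()


class Verifier:
    """Verifier side: hands out nonces and accepts each one at most once per key."""

    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = set()  # nonces issued but not yet answered
        self._used = set()         # nonces consumed under the current key
        self._counter = 0

    def challenge(self, random_nonce: bool = True) -> bytes:
        # Either form satisfies the nonce requirement: it never repeats under this key.
        if random_nonce:
            nonce = secrets.token_bytes(16)
        else:
            self._counter += 1                       # predictable but non-repeating
            nonce = self._counter.to_bytes(16, "big")
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> str:
        """Return one of: accepted, replay, unknown-challenge, bad-response."""
        if nonce in self._used:
            return "replay"                  # a recorded exchange is being played back
        if nonce not in self._outstanding:
            return "unknown-challenge"       # the verifier never issued this nonce
        # Consume the nonce whether or not the answer is right: one attempt each.
        self._outstanding.discard(nonce)
        self._used.add(nonce)
        expected = respond(self._key, nonce)
        if hmac.compare_digest(expected, response):
            return "accepted"
        return "bad-response"

    def rekey(self, new_key: bytes) -> None:
        """Changing the key ends the never-repeat obligation for old nonces."""
        self._key = new_key
        self._used.clear()
        self._outstanding.clear()


def replay_scenario(key: bytes) -> list:
    """Constructed run: a legitimate exchange, then the same exchange played back."""
    verifier = Verifier(key)
    nonce = verifier.challenge()
    answer = respond(key, nonce)
    first = verifier.verify(nonce, answer)       # live exchange
    second = verifier.verify(nonce, answer)      # eavesdropper's replay
    return [first, second]


if __name__ == "__main__":
    print(replay_scenario(b"constructed-shared-key"))   # ['accepted', 'replay']
```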


Noncomputing Security Methods Noncomputing methods are security safeguards which do not use the hardware, software, and firmware of the IS. Traditional methods include physical security (controlling physical access to computing resources), personnel security, and procedural security.


Non-Discretionary Access Control A non-discretionary authorization scheme is one under which only the recognized security authority of the security domain may assign or modify the ACI for the authorization scheme such that the authorizations of principals under the scheme are modified.


Noninterference The property that actions performed by user or process A of a system have no effect on what user or process B can observe; there is no information flow from A to B.


Nonintrusive monitoring The use of transported probes or traces to assemble information, track traffic and identify vulnerabilities.


Non-Local Maintenance Maintenance activities conducted by individuals communicating through a network; either an external network (e.g., the Internet) or an internal network.


Non-Mobile Technologies Non-mobile communications technologies such as interactive whiteboards and desktop computers.

Non-Organizational User A user who is not an organizational user (including public users).


Nonprocedural Language A programming language with fixed logic, which allows the programmer to specify processing operations without concern for processing logic.


Nonrecord Material Extra and duplicate copies that are only of temporary value, including shorthand notes, used carbon paper, preliminary drafts, and other material of similar nature.


Nonrecurring (ad hoc) Decision One that is made infrequently and may have different criteria for determining the best solution each time.








Non-repudiation Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information; protection against an individual falsely denying having performed a particular action. Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message; the security service by which the entities involved in a communication cannot deny having participated. Specifically, the sending entity cannot deny having sent a message (non-repudiation with proof of origin), and the receiving entity cannot deny having received a message (non-repudiation with proof of delivery); a service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified and validated by a third party as having originated from a specific entity in possession of the private key (i.e., the signatory).


Nonstructured Decision A decision for which there may be several right answers and there is no precise way to get a right answer.


Nontransparent Proxy Mode Accelerator In a Nontransparent Proxy Mode Accelerator, the source addresses of all the packets decrypted by the SSL accelerator have a source address of that SSL accelerator and the client source addresses do not get to the server at all. From the server perspective, the request has come from the SSL accelerator.


Normalization A process of assuring that a relational database structure can be implemented as a series of two-dimensional relations.

NOS Network operating system.


Notebook Computer A highly portable, battery powered microcomputer with a display screen, carried easily in a briefcase, and used away from a user's workplace.





Notice A privacy principle that requires reasonable disclosure to a consumer of an entity's personally identifiable information (PII) collection and use practices. This disclosure information is typically conveyed in a privacy notice or privacy policy.


Notional Architecture An alternative architecture composed of current systems, as well as new procurements proposed for some future date.





NOW Network Operator. Operator of a public telecommunications infrastructure that permits the conveyance of signals between defined network termination points by wire, microwave, optical means, or other electromagnetic means.


NPF National Provider File. The database envisioned for use in maintaining a national provider 
registry. 

NPI National Provider ID. 

NPRM Notice of Proposed Rulemaking. A document that describes and explains regulations that the federal government proposes to adopt at some future date, and invites interested parties to submit comments related to them. These comments can then be used in developing a final regulation.


NPRM Notice of Proposed Rulemaking. The publication, in the Federal Register, of proposed regulations for public comment.


NPS National Provider System. The administrative system envisioned for supporting a national provider registry.


NRBG Non-deterministic Random Bit Generator. An RBG that (when working properly) produces 
outputs that have full entropy. Contrast with a DRBG. Other names for non deterministic RBGs are True 
Random Number (or Bit) Generators and, simply, Random Number (or Bit) Generators. 


NRO Communication non-repudiation of origin. 



Xingan Li & Peilin Li 


NRR Communication non-repudiation of receipt. 


NSA-Approved Cryptography Cryptography that consists of (1) an approved algorithm; (2) an implementation that has been approved for the protection of classified information in a particular environment; and (3) a supporting key management infrastructure.


NSEPTS National Security Emergency Preparedness Telecommunications Service. Telecommunications services that are used to maintain a state of readiness or to respond to and manage any event or crisis (local, national, or international) that causes or could cause injury or harm to the population, damage to or loss of property, or degrade or threaten the national security or emergency preparedness posture of the United States.


NSF National Standard Format. Generically, this applies to any nationally standardized data format, but it is often used in a more limited way to designate the Professional EMC NSF, a 320-byte flat file record format used to submit professional claims.


NSFNET National Science Foundation Network. A collection of local, regional, and mid-level networks in the U.S. tied together by a high-speed backbone. NSFNET provides scientists access to a number of supercomputers across the country.








NSP Network Service Provider. Owns and maintains routing computers at NAPs and even the 
lines that connect the NAPs to each other. For example, MCI and AT&T. 

NT-1 Network Termination 1.

NTLM A Microsoft authentication protocol that uses cryptographic hash representations of account 
passwords. 

NTN Network Terminal Number (X.25).

NTP Network Time Protocol. 

NTSC/PAL National Television System Committee. The first color TV broadcast system was implemented in the United States in 1953. This was based on the NTSC (National Television System Committee) standard. NTSC is used by many countries on the American continent as well as many Asian countries, including Japan. NTSC runs on 525 lines/frame. The PAL (Phase Alternating Line) standard was introduced in the early 1960s and implemented in most countries except for France. The PAL standard utilizes a wider channel bandwidth than NTSC, which allows for better picture quality. PAL runs on 625 lines/frame.

NUBC EDI TAG The NUBC EDI Technical Advisory Group, which coordinates issues 
affecting both the NUBC and the X12 standards. 

Nucleus The core of the atom that is made up of neutrons and protons.

Null option The option to take no action. 

Null Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes.


Numeric test An input control method to verify that a field of data contains only numeric digits. 








NVA Network vulnerability assessment.

NVE Network-visible entity.

NVRAM Nonvolatile random access memory.

Nyquist Theorem Theorem that dictates that sampling should occur at a rate that is twice the highest frequency being sampled.


Obfuscation The deliberate act of creating source or machine code that is difficult for humans to 
understand. 
OBJ (1) Protection Profile evaluation, security objectives. (2) Security Target evaluation, security 


Object Identifier A specialized formatted number that is registered with an internationally recognized standards organization. The unique alphanumeric/numeric identifier registered under the ISO registration standard to reference a specific object or object class. In the federal government PKI, they are used to uniquely identify each of the four policies and cryptographic algorithms supported.


Object Identity In the Object-Oriented paradigm, each object has a unique identifier independent of the values of other properties.

Object Program A program that has been translated from a higher-level source code into machine language.


Object Reuse Reassignment and re-use of a storage medium containing one or more objects after ensuring no residual data remains on the storage medium.





Object A passive entity that contains or receives information. Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains.

Objective information Quantifiably describes something that is known.


Object-Oriented Database Works with traditional database information and also complex data types such as diagrams, schematic drawings, videos, and sound and text documents.


Object-Oriented Language A language that supports objects, method resolution, specialization, encapsulation, polymorphism, and inheritance.


Object-Oriented Programming Language A programming language used to develop object-oriented systems. The language groups together data and instructions into manipulative objects.





Object-Oriented Any method, language, or system that supports object identity, classification, and encapsulation and specialization. C++, Smalltalk, Objective-C, and Eiffel are examples of object-oriented implementation languages.


Oblivious Scheme Blind Scheme.

OC Optical circuit.

OCIL Open Checklist Interactive Language. SCAP language for expressing security checks that cannot be evaluated without some human interaction or feedback.
OCR Optical Character Recognition. An input method in which handwritten, typewritten, or printed text can be read by photosensitive devices for input to a computer.


OCR The Office for Civil Rights.

OCSP Responder The server side software that answers OCSP requests.

OCSP Online Certificate Status Protocol. A protocol for determining whether a digital certificate is valid in real time without using CRLs. This protocol is specified in RFC 2560.

ODI Open datalink interface.


Off-Card Refers to data that is not stored within the PIV card or computation that is not done by the 
Integrated Circuit Chip (ICC) of the PIV card. 


Offensive Technology Data checksums, signatures, file names; vulnerability and associated exploits.

Office Automation The application of computer and related technologies to office procedure.

Official Information All information in the custody and control of a U.S. government department or agency that was acquired by U.S. government employees as a part of their official duties or because of their official status and has not been cleared for public release.


Off-line Attack An attack where the Attacker obtains some data (typically by eavesdropping on an authentication protocol run, or by penetrating a system and stealing security files) that he/she is able to analyze in a system of his/her own choosing.


Off-line Authentication Certificate A particular form of authentication information binding an entity to a 
cryptographic key, certified by a trusted authority, which may be used for authentication without directly 
interacting with the authority. 


Off-line Cryptosystem Cryptographic system in which encryption and decryption are performed independently of the transmission and reception functions.


Offset Code Book mode A patented encryption mode for block ciphers that provides both secrecy 
and message integrity and is capable of doing so at high speeds. 


Offsite Storage A storage facility located away from the building housing the primary information processing facility (IPF), and used for storage of computer media such as offline backup data storage files.


Ohm's Law This law applies to any resistive circuit with one of the values unknown and will allow the discovery of the unknown value.


OIG Office of the Inspector General.

OLAP Online Analytical Processing. The manipulation of information to support decision-making.

OLE Microsoft's Object Linking and Embedding technology designed to let applications share functionality through live data exchange and embedded data. Embedded objects are packaged statically within the source application, called the "client;" linked objects launch the "server" applications when instructed by the client application. Linking is the capability to call a program; embedding places data in a foreign program.


OLTP Online Transaction Processing. The gathering of input information, processing that information, and updating.
OMAC One-key CBC-MAC. A secure, efficient way for turning a block cipher into a message authentication code. It is an improvement of the CBC-MAC, which is not secure in the arbitrary case. Other CBC-MAC variants use multiple keys in order to fix the problem with CBC-MAC. OMAC uses a single key and still has appealing provable security properties.


OMB The Office of Management and Budget. 


OMR Optical Mark Recognition. Detects the presence of or absence of a mark in a predetermined place (popular for multiple choice exams).


ONC Open Network Computing. A distributed applications architecture promoted and controlled 
by a consortium led by Sun Microsystems. 

On-Card Refers to data that is stored within the PIV card or computation that is done by the ICC of 
the PIV card. 


One-Part Code Code in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so one listing serves for both encoding and decoding. One-part codes are normally small codes used to pass small volumes of low-sensitivity information.

One-Time Cryptosystem Cryptosystem employing key used only once.


One-Time Pad A particular cryptographic system that is provably secure in some sense, but highly impractical, because it requires a bit of entropy for every bit of message.


One-Time Password A password that is only valid once. Generally, such passwords are derived from some master secret which is shared by an entity and an authentication server and are calculated via a challenge-response protocol.


One-Time Tape Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems.


One-Way Hash Algorithm Hash algorithms which map arbitrarily long inputs into a fixed-size output such that it is very difficult (computationally infeasible) to find two different hash inputs that produce the same output. Such algorithms are an essential part of the process of producing fixed-size digital signatures that can both authenticate the signer and provide for data integrity checking (detection of input modification after signature).


One-Way Hash Function A hash function, where it is computationally unfeasible to determine anything about the input from the output.


Online Attack An attack against an authentication protocol where the Attacker either assumes the role of a Claimant with a genuine Verifier or actively alters the authentication channel. The goal of the attack may be to gain authenticated access or learn authentication secrets.


On-Line Authentication Certificate A particular form of authentication information, certified by a trusted authority, which may be used for authentication following direct interaction with the authority.


Online Cryptosystem Cryptographic system in which encryption and decryption are performed in association with the transmitting and receiving functions.


Online Processing Often called interactive processing. An operation in which the user works 


at a terminal or other device that is directly attached or linked to the computer. 
Online Profiling Compiling information about consumers' preferences and interests by tracking their online movements and actions in order to create targeted ads.

Online Service A proprietary, commercial network that provides a variety of information and other services to its subscribers. Commercial online services typically provide their own content, forums (e.g. chat rooms, bulletin boards), e-mail capability, and information available only to subscribers.

Online System Applications that allow direct interaction of the user with the computer (CPU) via a CRT terminal, thus enabling the user to receive an immediate response to data entered (e.g., an airline reservation system).

Online Training Training that runs over the Internet or off a CD-ROM.


Onward Transfer The transfer of personally identifiable information (PII) by the recipient of the original data to a second recipient. For example, the transfer of PII from an entity in Germany to an entity in the United States constitutes onward transfer of that data.

OOA Object-Oriented Analysis. The specification of requirements in terms of objects with identity that encapsulate properties and operations, messaging, inheritance, polymorphism, and binding.

OOD Object-Oriented Design. The development activity that specifies the implementation of a system using the conceptual model defined during the analysis phase.

OODBMS Object-Oriented Database Management System. A database that stores, retrieves, and updates objects using transaction control, queries, locking, and versioning.


Open Code A form of hidden communication which uses an unencrypted message. Jargon code is an example of open code.

Open Content Copyrighted information that is made available by the copyright owner to the general public under license terms that allow reuse of the material, often with the requirement that the re-user grant the public the same rights to the modified version that the re-user received from the copyright owner. Information that is in the Public Domain might also be considered a form of Open Content.

Open Network/System A network or system in which, at the extremes, unknown parties, possibly in different state or national jurisdictions, exchange or trade data. Doing so requires an overarching framework which will engender trust and certainty. A user of online services might go through a single authentication process with a trusted third party, receive certification of their public key, and then be able to enter into electronic transactions and data exchanges with merchants, governments, banks etc., using the certificate so provided for multiple purposes.


Open Source Software Software for which the underlying programming code is available to the users so that they may read it, make changes to it, and build new versions of the software incorporating their changes. There are many types of Open Source Software, mainly differing in the licensing terms under which (altered) copies of the source code may (or must) be redistributed.

Open Storage Any storage of classified national security information outside of approved containers. This includes classified information that is resident on information systems media and outside of an approved storage container, regardless of whether or not that media is in use (i.e., unattended operations).

Open System A system whose architecture permits components developed by independent organizations or vendors to be combined.

OpenMG A copyright protection technology from Sony that allows recording and playback of digital music data on a personal computer and other supported devices but prevents unauthorized distribution.

Operand The portion of a computer instruction that references the memory address of an item to be processed.


Operating Environment The total environment in which an information system operates. Includes the physical facility and controls, procedural and administrative controls, and personnel controls (e.g., clearance level of the least cleared user).

Operation Code The portion of the computer instruction that identifies the specific processing operation to be performed.

Operational Controls The security controls (i.e. safeguards or countermeasures) for an information system that are primarily implemented and executed by people (as opposed to systems).

Operational Database A database that supports online transaction processing (OLTP).

Operational Error An error that results from the incorrect use of a product, component, or system.

Operational Exercise An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.

Operational Key Key intended for use over-the-air for protection of operational information or for the production or secure electrical transmission of key streams.


Operational Management Manages and directs the day-to-day operations and implementations of the goals and strategies.

Operational Profile The set of operations that the software can execute along with the probability with which they will occur.

Operational Security Information Transient information related to a single operation or set of operations within the context of an operational association, for example, a user session.

Operational Security Process of denying information to potential adversaries about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities.

Operational Status One of: (1) operational, the system is currently in operation; (2) under development, the system is currently under design, development, or implementation; or (3) undergoing a major modification, the system is currently undergoing a major conversion or transition.

Operational Threat Intelligence Information about specific impending attacks against the organization; it is initially consumed by higher-level security staff, such as security managers or heads of incident response.

Operational Vulnerability Information Information that describes the presence of an information vulnerability within a specific operational setting or network.

Operational Waiver Authority for continued use of unmodified COMSEC end-items pending the completion of a mandatory modification.
Operationally Object-Oriented The data model includes generic operators to deal with complex objects in their entirety.

Operations Code Code composed largely of words and phrases suitable for general communications use.

Operations Technology The hardware and software systems used to operate industrial control devices.

OPSEC Operational Security; Operations Security.

Optical Disk A disk that is written to or read from by optical means.

Optical Fiber A form of transmission medium that uses light to encode signals and has the highest transmission rate of any medium.

Optical Modulation The process of varying some characteristics of light pulses over a fiber-optic cable in order to pass information from one point to another.

Optical Storage A medium requiring lasers to permanently alter the physical media to create a permanent record. The storage also requires lasers to read stored information from this medium.





Opt-in An option that gives a user complete control over the collection and dissemination of personal information. A site that provides this option is stating that it will not gather or track information about the user unless the user knowingly provides such information and consents to the site.

Optional Modification NSA-approved modification not required for universal implementation by all holders of a COMSEC end-item. This class of modification requires all of the engineering/doctrinal control of a mandatory modification but is usually not related to security, safety, TEMPEST, or reliability.

Opt-out An option that gives a user the choice to prevent personally identifiable information from being used by a particular Web site or shared with third parties.

ORA Organizational Registration Authority. Entity within the PKI that authenticates the identity and the organizational affiliation of the users.

Orange Book Common name used to refer to the DoD Trusted Computer System Evaluation Criteria (TCSEC), DoD 5200.28-STD.

Orange Forces Forces of the United States operating in an exercise in emulation of the opposing force.

ORB Object Request Broker. A software mechanism by which objects make and receive requests and responses.

Organizational Information Security Continuous Monitoring Ongoing monitoring sufficient to ensure and assure effectiveness of security controls related to systems, networks, and cyberspace, by assessing security control implementation and organizational security status in accordance with organizational risk tolerance and within a reporting structure designed to make real-time, data-driven risk management decisions.

Organizational Maintenance Limited maintenance performed by a user organization.

Organizational Security Policy Set of laws, rules, and practices that regulates how an organization manages, protects, and distributes sensitive information.




Organizational User An organizational employee or an individual the organization deems to have equivalent status to an employee (e.g., contractor, guest researcher, individual detailed from another organization, individual from an allied nation).

Organized Crime Groups having some manner of formalized structure and whose primary objective is to obtain money through illegal activities. Such groups maintain their position through the use of actual or threatened violence, corrupt public officials, graft, or extortion, and generally have a significant impact on the people in their locales, region, or the country as a whole.

Original Classification An initial determination that information requires protection against unauthorized disclosure in the interest of national security, and a designation of the level of classification.

Original Classifier An authorized individual in the executive branch who initially determines that particular information requires a specific degree of protection against unauthorized disclosure in the interest of national security and applies the classification designation "Top Secret," "Secret," or "Confidential."


OS Fingerprinting Operating System Fingerprinting. Analyzing characteristics of packets sent by a target, such as packet headers or listening ports, to identify the operating system in use on the target.

OS Operating System. A master control program that runs the computer and acts as a scheduler and traffic controller. The operating system is the first program copied into the computer's memory after the computer is turned on; it must reside in memory at all times. It is the software that interfaces between the computer hardware (disk, keyboard, mouse, network, modem, printer) and the application software (word processor, spreadsheet, e-mail); it also controls access to the devices, is partially responsible for security components, and sets the standards for the application programs that run in it.

OSI 7-Layer Model The Open Systems Interconnection 7-layer model is an ISO standard for worldwide communications that defines a framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom layer, over the channel to the next station and back up the hierarchy.

OSI Model Open Systems Interconnection Model. A model for the design of a network. The OSI model defines groups of functionality required to network computers into layers. Each layer implements a standard protocol to implement its functionality. There are seven layers in the OSI model.

OSI Reference Model The seven-layer architecture designed by ISO for open data communications networks.

OSI Open Systems Interconnection; a seven-layer model from the ISO that defines and standardizes protocols for communicating between systems, networks and devices.


OSINT Open Source Intelligence. Threat intelligence data collected from publicly available Web sources such as social media, blogs, news publications, and forums. With an estimated 90% of required intelligence available in open sources, it is imperative that intelligence analysts become adept at mining open sources.

OSP Online Service Provider. A company that provides Internet access and other services such as shopping, news, chat rooms, and special events. AOL and MSN are OSPs.

OSPF Open Shortest Path First.

OTAR Over-The-Air Rekeying. Changing traffic encryption key or transmission security key in remote cryptographic equipment by sending new key directly to the remote cryptographic equipment over the communications path it secures.

OUI Organizationally Unique Identifier.

Out of Band A LAN term which refers to the capacity to deliver information via modem or other asynchronous connection. Out-of-band signaling refers to signaling that is separated from the channel carrying the information. Signal and control information does not interfere with the data transmission.


Outcome Measure Represents the consequences of actions previously taken; often referred to as a lag indicator. Outcome measures frequently focus on results at the end of a time period and characterize historic performance. They are also referred to as key goal indicators (KGIs) and are used to indicate whether goals have been met. Because they can be measured only after the fact, they are called "lag indicators."

Outed When someone shares personal or private information and/or images about someone else.

Output Controls Techniques and methods for verifying that the results of processing conform to expectations and are communicated only to authorized users.

Output Device A tool used to see, hear, or otherwise accept the results of information-processing requests.


Output Feedback Mode A block cipher mode that turns a block cipher into a stream cipher. The keystream is produced by repeatedly encrypting the previous keystream block; the first keystream block is generated by encrypting an initialization vector (IV). Ciphertext is the plaintext XORed with the keystream, so decryption is the same operation and the keystream does not depend on the data being encrypted. As with any stream cipher, the IV must never be reused under the same key, and the mode by itself provides no integrity protection.
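An added example (not from the dictionary) of the mode's structure: O_0 = IV, O_i = E_K(O_{i-1}), ciphertext = plaintext XOR keystream. To run with the standard library alone, the block-encryption function E_K is a stand-in built from HMAC-SHA256 truncated to 16 bytes; that is an assumption of this example and not a real block cipher, and in practice it would be replaced by a single-block AES-128 call from a cryptographic library. The last function shows the property that matters for practitioners: flipping one ciphertext bit flips exactly that plaintext bit, so errors do not propagate but tampering is not detected either.

```python
import hashlib
import hmac
import secrets

BLOCK = 16


def stand_in_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_K (this example's assumption, NOT a real block cipher):
    a keyed pseudorandom function from one 16-byte block to another."""
    if len(block) != BLOCK:
        raise ValueError("block size mismatch")
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ofb_keystream(key: bytes, iv: bytes, nbytes: int, encrypt=stand_in_block_encrypt) -> bytes:
    """O_0 = IV, O_i = E_K(O_{i-1}). The keystream depends only on (key, IV),
    so it can be precomputed before any plaintext exists."""
    out, o = bytearray(), iv
    while len(out) < nbytes:
        o = encrypt(key, o)
        out += o
    return bytes(out[:nbytes])


def ofb_crypt(key: bytes, iv: bytes, data: bytes, encrypt=stand_in_block_encrypt) -> bytes:
    """Encryption and decryption are the same operation: data XOR keystream."""
    ks = ofb_keystream(key, iv, len(data), encrypt)
    return bytes(d ^ k for d, k in zip(data, ks))


def ofb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Fresh random IV per message, prepended so the receiver can use it."""
    iv = secrets.token_bytes(BLOCK)
    return iv + ofb_crypt(key, iv, plaintext)


def ofb_decrypt(key: bytes, blob: bytes) -> bytes:
    return ofb_crypt(key, blob[:BLOCK], blob[BLOCK:])


def flip_bit(blob: bytes, index: int, bit: int) -> bytes:
    """Corrupt one ciphertext bit. In OFB the same plaintext bit flips and
    nothing else changes: no error propagation, but also no integrity."""
    b = bytearray(blob)
    b[index] ^= 1 << bit
    return bytes(b)
```

Because the keystream is independent of the data, reusing an IV under the same key produces the same keystream twice, which is why `ofb_encrypt` draws a fresh IV for every message.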


Outreach and Collaboration Working across government and with the private sector to share information on threats and other data, and to develop shared approaches to securing cyberspace.

Outside Threat Outsider Threat. An unauthorized entity from outside the domain perimeter that has the potential to harm an Information System through destruction, disclosure, modification of data, and/or denial of service.

Outsourcing The practice of contracting with another entity to perform services that might otherwise be conducted in-house. Contracted relationship with a third party to provide services, systems, or support.

OVAL Open Vulnerability and Assessment Language. SCAP language for specifying low-level testing procedures used by checklists.

Overlapped Processing The simultaneous execution of input, processing, and output functions by a computer system.

Overlaps Areas in which too much capability exists. Unnecessary redundancy of coverage in a given area or function.

Overreach Interference Caused by a signal feeding past a repeater (or receive antenna) to the receiving antenna at the next station in the route.

Oversight & Development A NICE Workforce Framework category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.

Overt Channel Communications path within a computer system or network designed for the authorized transfer of data.

Overt Testing Security testing performed with the knowledge and consent of the organization's IT staff.

Over-The-Air Key Distribution Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation.

Over-The-Air Key Transfer Electronically distributing key without changing the traffic encryption key used on the secured communications path over which the transfer is accomplished.

Overwrite Procedure A software process that replaces data previously stored on storage media with a predetermined set of meaningless data or random patterns.

Overwriting The obliteration of recorded data by recording different data on the same surface.

OWASP Open Web Application Security Project. An open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.


P2P Peer-to-Peer infrastructure. Often referred to simply as peer-to-peer, or abbreviated P2P, a type of network in which each workstation has equivalent capabilities and responsibilities. This differs from client/server architectures, in which some computers are dedicated to serving the others. Peer-to-peer networks are generally simpler, but they usually do not offer the same performance under heavy loads.

P2P Peer-to-Peer Programs.

P2PE The PCI Council's Point-to-Point Encryption standard.

P3P Platform for Privacy Preferences Project. An open privacy specification developed and administered by the World Wide Web Consortium (W3C) that, when implemented, enables people to make informed decisions about how they want to share personal information with Web sites.

PAA (1) Policy Approving Authority. First level of the PKI Certification Management Authority that approves the security policy of each PCA.

PAA (2) Principal Accrediting Authority. Senior official with authority and responsibility for all intelligence systems within an agency.

PaaS Platform as a Service. Offers the capability to deploy onto the cloud infrastructure customer-created or -acquired applications that are created using programming languages and tools supported by the provider.

PABX Private Automatic Branch Exchange. Telephone switch for use inside a corporation. PABX is the preferred term in Europe, while PBX is used in the United States.

Packet Filter A routing device that provides access control functionality for host addresses and communication sessions.

Packet Sniffer Software that observes and records network traffic.

Packet Sniffing The practice of examining the individual packets of data received by a computer to find out more about what the machine is being used for. Often login names and passwords are sent in plain text within data packets and can easily be extracted.
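An added example (not from the dictionary) of what "examining the individual packets" means at the byte level: a parser that walks the Ethernet, IPv4 and TCP headers of a raw frame, honouring the IHL and data-offset fields so options and trailer padding do not shift the payload, and then pulls FTP-style `USER`/`PASS` lines out of the plaintext. The frame is constructed in code, with zero checksums, and is not a capture from any real network; the header layouts are the standard ones, the credential pattern is this example's choice.

```python
import re
import socket
import struct
from dataclasses import dataclass

ETH_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


@dataclass
class TcpSegment:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes


def parse_frame(frame: bytes):
    """Return a TcpSegment for an Ethernet/IPv4/TCP frame, or None otherwise."""
    if len(frame) < ETH_LEN:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_LEN:]
    ihl = (ip[0] & 0x0F) * 4            # IPv4 header length from the IHL field
    if ihl < 20 or len(ip) < ihl:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != PROTO_TCP:
        return None
    src = socket.inet_ntoa(ip[12:16])
    dst = socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]             # honour IP total length, drop any trailer
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4       # TCP header length, including options
    if data_off < 20 or len(tcp) < data_off:
        return None
    return TcpSegment(src, dst, sport, dport, tcp[data_off:])


# FTP-style credential lines; many older protocols send these unencrypted.
CRED_RE = re.compile(rb"^(USER|PASS)\s+(\S+)\s*$", re.MULTILINE | re.IGNORECASE)


def extract_credentials(seg: TcpSegment) -> dict:
    return {k.decode().upper(): v.decode(errors="replace")
            for k, v in CRED_RE.findall(seg.payload)}


def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample frame: checksums are left zero (the parser ignores them)."""
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64,
                         PROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    eth_hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + tcp_hdr + payload


# Constructed sample: a client logging in to an FTP server (port 21) in clear text.
SAMPLE_FRAME = build_frame("10.0.0.5", "10.0.0.21", 51234, 21,
                           b"USER alice\r\nPASS hunter2\r\n")
```

The same walk, fed from a promiscuous-mode socket or a pcap reader instead of `SAMPLE_FRAME`, is all a password sniffer needs; the defence is transport encryption (SFTP/FTPS, TLS), not hiding the field.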
Packet Switch WAN device that routes packets along the most efficient path and allows a communications channel to be shared by multiple connections. Formerly called an Interface Message Processor (IMP).

Packet Switching The method used to move data around on the Internet. In packet switching, all the data coming out of a machine is broken up into chunks; each chunk carries the address of where it came from and where it is going. This enables chunks of data from many different sources to co-mingle on the same lines, and be sorted and directed along different routes by special machines along the way; this way many people can use the same lines at the same time.

Packet Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission Control Protocol/Internet Protocol (TCP/IP) networks are packet-switched networks of this kind.

PAD Packet Assembler/Disassembler.

Padding A technique used to fill a field, record, or block with default information (e.g., blanks or zeros).

PA-DSS Payment Application Data Security Standard.

PAG Policy Advisory Group. A generic name for many work groups at WEDI and elsewhere.

Page Fault A program interruption that occurs when a page that is referred to is not in main memory and must be read from external storage.

Page A basic unit of storage in main memory.

Paging A method of dividing a program into parts called pages and introducing a given page into memory as the processing on the page is required for program execution.

Palm Operating System The operating system for Palm and Handspring PDAs.

Palm A type of PDA that runs on the Palm Operating System (Palm OS).
PAM (1) Pluggable Authentication Modules. A technology for abstracting out authentication at the host level. It is similar to SASL, but sits a bit higher up in the stack and tends to be a much easier technology to use, particularly for system administrators, who can configure authentication policies quite easily using PAM.

PAM (2) Pulse Amplitude Modulation. The first step in converting analog waveforms into digital signals for transmission.

PAN Primary Account Number. Unique number for credit and debit cards that identifies the cardholder account.

PAP (1) Password Authentication Protocol.

PAP (2) Printer Access Protocol.

Parallel Connector Has 25 pins that fit into the corresponding holes in the port. Most printers use parallel connectors.

Parallel Conversion The concurrent operation of the old and the new system by its users during changeover, so that the new system's results can be compared with the old system's before the old one is retired.

Parallel Port The computer's printer port, which in a pinch allows user access to notebooks and computers that cannot be opened.


Parent A unit of data in a 1:n relationship with another unit of data called a child, where the parent can exist independently but the child cannot.

Parental Controls Tools that allow parents to prevent their children from accessing certain Internet content that they might find inappropriate.

Parity Bit A bit attached to a byte that is used to check the accuracy of data storage.

Parity A bit or series of bits appended to a character or block of characters to ensure that the information received is the same as the information that was sent. Parity is used for error detection.

Partial Collision Resistance When it is infeasible to find two arbitrary inputs to a hash function that produce similar outputs, i.e., outputs that differ in only a few bits.

Partition A memory area assigned to a computer program during its execution.

Partitioned Security Mode Information systems security mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by an information system.

Partitioning Isolating IA-critical, IA-related, and non-IA-related functions and entities to prevent accidental or intentional interference, compromise, and corruption. Partitioning can be implemented in hardware or software. Software partitioning can be logical or physical. Partitioning is often referred to as separability in the security community.

Pascal A computer programming language designed especially for writing structured programs. This language is based on the use of a minimum set of logical control structures.
Passing Off Making false representation that goods or services are those of another business.

Passive Attack An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.

Passive Response A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action.

Passive Security Testing Security testing that does not involve any direct interaction with the targets, such as sending packets to a target.

Passive System A system related indirectly to other systems. Passive systems may or may not have a physical connection to other systems, and their logical connection is controlled tightly.

Passive Wiretapping The monitoring or recording of data while it is being transmitted over a communications link, without altering or affecting the data.

Passphrase Password. Meant to encourage people to use longer values.

Password Authentication Protocol Authentication protocol that allows PPP peers to authenticate one another. The remote router attempting to connect to the local router is required to send an authentication request. Unlike CHAP, PAP passes the password and hostname or username in the clear (unencrypted). PAP does not itself prevent unauthorized access, but merely identifies the remote end. The router or access server then determines if that user is allowed access. PAP is supported only on PPP lines. Compare with CHAP.


Password Cracker An application program that is used to identify an unknown or forgotten password to a computer or network resource. It can also be used to help a person obtain unauthorized access to a resource.

Password Cracking The process of recovering secret passwords stored in a computer system or transmitted over a network.

Password Entropy Stated in bits, the measure of randomness in a password.

Password Protected The ability to protect a file using a password access control, preventing the data contents from being viewed with the appropriate viewer unless the proper password is entered; the ability to protect the contents of a file or device from being accessed until the correct password is entered.

Password Rules The County's password policy requires 8 characters (minimum) to 12 characters (maximum). The password must be changed every 60 days.

Password Sniffing Eavesdropping on a communications line to capture passwords that are being transmitted unencrypted.

Password Weakness Security threats caused by the use of easily guessable passwords which protect vital stores of confidential information stored online.

Password A protected string of characters, generally stored in hashed or encrypted form, that authenticates a computer user to the computer system.


Patch Management An area of systems management that involves acquiring, testing and installing multiple patches (code changes) to an administered computer system in order to maintain up-to-date software and often to address security risk. Patch management tasks include the following: maintaining current knowledge of available patches; deciding what patches are appropriate for particular systems; ensuring that patches are installed properly; testing systems after installation; and documenting all associated procedures, such as specific configurations required. A number of products are available to automate patch management tasks. Patches are sometimes ineffective and can sometimes cause more problems than they fix. Patch management experts suggest that system administrators take simple steps to avoid problems, such as performing backups and testing patches on non-critical systems prior to installation. Patch management can be viewed as part of change management.

Patch Tuesday Refers to the second Tuesday of each month, when Microsoft releases the security fixes and patches developed over the previous month. Windows systems from Windows 98 on have included automatic checks for available patches.

Patch A patch is a small security update released by a software manufacturer to fix bugs in existing programs. Your computer's software programs and/or operating system may be configured to check automatically for patches, or you may need to periodically visit the manufacturers' websites to see if there have been any updates.

Patching Patching refers to the installation of a piece of software designed to fix problems with, or update, a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving usability or performance. Though meant to fix problems, poorly designed patches can sometimes introduce new problems.


Patchwork An encoding algorithm that takes random pairs of pixels and brightens the brighter pixel and dulls the duller pixel, encoding one bit of information in the contrast change. This algorithm creates a unique change, and that change indicates the absence or presence of a signature.

Patent Exclusive right granted to an inventor to produce, sell, and distribute the invention for a specified number of years.

Path Histories Maintaining an authenticatable record of the prior platforms visited by a mobile software agent, so that a newly visited platform can determine whether to process the agent and what resource constraints to apply.

Pattern Classification The step of ASR in which the system matches the user's spoken phonemes to a phoneme sequence stored in an acoustic model database.

Payload The amount of information that can be stored in the cover media. Typically the greater the payload, the greater the risk of detection. In malicious software, this refers to the section containing the harmful data/code.


Payment Application Vendor An entity that sells, distributes, or licenses a payment application to POS integrators/resellers for integration into merchant payment systems, or directly to merchants for their own installation and use.

Payment Application Related to PA-DSS, a software application that stores, processes, or transmits cardholder data as part of authorization or settlement of payment transactions.

Payment Middleware A general term for software that connects two or more, perhaps unrelated, payment applications together. For example, it may pass card data between an application on a payment terminal and other merchant systems that send card data to a processor.

Payment Processor Entity engaged by merchants to handle payment card transactions on their behalf. While payment processors typically provide acquiring services, payment processors are not considered acquirers (merchant banks) unless defined as such by a payment card brand.

Payment System Encompasses the entire process for accepting card payments in a merchant retail location (including stores/shops and e-commerce storefronts) and may include a payment terminal, an electronic cash register, other devices or systems connected to the payment terminal (for example, Wi-Fi for connectivity or a PC used for inventory), servers with e-commerce components such as payment pages, and the connections out to a merchant bank.

Payment Terminal Hardware device used to accept customer card payments via swipe, dip, insert, or tap.

PB Petabyte. A Petabyte is 1,125,899,906,842,624 (2^50) bytes, 1,024 Terabytes, or 1,048,576 Gigabytes.

PBAC Policy-Based Access Control. A form of access control that uses an authorization policy that is flexible in the types of evaluated parameters (e.g., identity, role, clearance, operational need, risk, and heuristics).

PBKDF2 Password-Based Key Derivation Function #2. An algorithm defined in PKCS #5 for deriving a random value from a password.

PBX Private Branch Exchange. A small version of the phone company's central switching office.

PCA Policy Certification Authority. Second level of the PKI Certification Management Authority that formulates the security policy under which it and its subordinate CAs will issue public key certificates.

PCI DSS Compliant Meeting all applicable requirements of the current PCI DSS, on a continuous basis via a business-as-usual approach. Compliance is assessed and validated at a single point in time; however, it is up to each merchant to continuously follow the requirements in order to ensure robust security. Merchant banks and/or the payment brands may have requirements for formal annual validation of PCI DSS compliance.

PCI DSS Validated Providing proof that all applicable PCI DSS requirements are met at a single point in time. Depending on specific merchant bank and/or payment brand requirements, validation can be achieved through the applicable PCI DSS Self-Assessment Questionnaire or by a Report on Compliance resulting from an onsite assessment.

PCI DSS Payment Card Industry Data Security Standard.

PCI Validated Payment Application Software application that has been validated per the PCI Payment Application Data Security Standard (PA-DSS) and is listed on the PCI Council website.

PCI Payment Card Industry.

PCI-Approved Payment Terminal Payment terminal that has been approved per the PCI PIN Transaction Security (PTS) standard and is listed on the PCI Council website.

PCI-Listed Point-to-Point Encryption Solution Encryption solution that has been validated per the PCI Point-to-Point Encryption (P2PE) standard and is listed on the PCI Council website.

PCM Pulse Code Modulation. The most common and most important method that a telephone system in North America can use to sample a voice signal and convert that sample into an equivalent digital code. PCM is a digital modulation method that encodes a pulse amplitude modulated signal into a PCM signal.

PDA Personal Digital Assistant. A handheld computer that serves as an organizer for personal information.

PDF Portable Document Format. A file format designed to enable printing and viewing of documents with all their formatting (typefaces, images, layout, etc.) appearing the same regardless of what operating system is used, so a PDF document should look the same on Windows, Macintosh, Linux, OS/2, etc. The PDF format is based on the widely used PostScript document-description language. Both PDF and PostScript were developed by the Adobe Corporation; file format and filename extension for Adobe Portable Document Format documents.

PDN Public Data Network.

PDNS Passive DNS. Passive Domain Name System consists largely of referrals and answers from authoritative name servers on the Internet (along with errors, of course). This data is time-stamped, deduped, and compressed, then replicated to a central database for archiving and analysis.

PDS Protected Distribution System. Wire line or fiber optic system that includes adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to permit its use for the transmission of unencrypted information through an area of lesser classification or control.

PDU Protocol Data Unit. A PDU is a data object exchanged by protocol machines (entities) within a given layer. PDUs consist of both protocol control information (PCI) and user data.

PED (1) Portable Electronic Device.

PED (2) PIN Entry Device. Keypad into which the customer enters their PIN.

Peer Entity Authentication The process of verifying that a peer entity in an association is as claimed.

Peer-to-Peer Network Networks that are often used to share content files containing audio and video data. Relies primarily on the computing power and bandwidth of the participants in the network rather than concentrating power in a low number of servers.

PEM Encoding A simple encoding scheme for cryptographic objects that outputs printable values (by Base64 encoding a DER-encoded representation of the cryptographic object). The scheme was first introduced in Privacy Enhanced Mail, a defunct way of providing e-mail security.
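As an added illustration that is not part of the dictionary, the following Python wraps a DER object in PEM armor exactly as the entry describes (Base64 of the DER bytes between BEGIN/END lines), decodes it back, and walks the DER tag/length/value structure that the Base64 text hides. The sample DER bytes and the label "SAMPLE OBJECT" are constructed for this example.

```python
import base64
import re

# Constructed sample: a DER SEQUENCE (0x30) holding INTEGER 65537 (02 03 01 00 01)
# and OCTET STRING "hi" (04 02 68 69). Not from any real certificate or key.
SAMPLE_DER = bytes.fromhex("3009020301000104026869")


def pem_encode(label: str, der: bytes) -> str:
    """Wrap DER bytes in PEM armor: Base64 body folded at 64 columns."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"


# The END label must match the BEGIN label (backreference \1).
_PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)


def pem_decode(text: str) -> tuple:
    """Return (label, der_bytes) for the first PEM block in text.

    Line folding is removed before decoding; validate=True makes b64decode
    reject any other stray character instead of silently skipping it.
    """
    match = _PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no PEM block found")
    label, body = match.group(1), "".join(match.group(2).split())
    return label, base64.b64decode(body, validate=True)


def der_tlvs(data: bytes) -> list:
    """Split a DER byte string into (tag, value) pairs.

    Handles single-byte tags with short-form and long-form definite lengths,
    which is all that DER permits; lengths that overrun the buffer are rejected.
    """
    out, pos = [], 0
    while pos < len(data):
        tag, first = data[pos], data[pos + 1]
        if first < 0x80:                       # short form: the byte is the length
            length, pos = first, pos + 2
        else:                                  # long form: 0x80 | count of length bytes
            n = first & 0x7F
            length = int.from_bytes(data[pos + 2:pos + 2 + n], "big")
            pos += 2 + n
        if pos + length > len(data):
            raise ValueError("DER length runs past end of data")
        out.append((tag, data[pos:pos + length]))
        pos += length
    return out


if __name__ == "__main__":
    armored = pem_encode("SAMPLE OBJECT", SAMPLE_DER)
    print(armored)
    label, der = pem_decode(armored)
    outer = der_tlvs(der)
    print(label, [(hex(t), v.hex()) for t, v in der_tlvs(outer[0][1])])
```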


PEM Privacy Enhanced Mail. Internet email standard that provides confidentiality, authentication, and message integrity using various encryption methods. Not widely deployed in the Internet.

Pen Test A colloquial term for penetration test or penetration testing.

Penetration Profile A delineation of the activities required to effect penetration.

Penetration Signature The description of a situation or set of conditions in which a penetration might occur.

Penetration Test A penetration test is a method of evaluating the computer security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization's systems) and malicious insiders (who have some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Effective penetration tests provide an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.

Penetration A successful unauthorized access to a computer system.

Per-Call Key Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions.

Perceptual Masking A condition where the perception of one element interferes with the perception of another.

Perfect Forward Secrecy Perfect forward secrecy means that even if a private key is known to an attacker, the attacker cannot decrypt previously sent messages.

Performance The ability to track service and resource usage levels and to provide feedback on the responsiveness and reliability of the network.

Performance-Based A method for designing learning objectives based on behavioral outcomes, rather than on content, that provides benchmarks for evaluating learning effectiveness.

Perimeter Encompasses all those components of the system that are to be accredited by the DAA, and excludes separately accredited systems to which the system is connected. (Authorization) Encompasses all those components of the system or network for which a Body of Evidence is provided in support of a formal approval to operate.

Period The time it takes a waveform to complete one complete cycle.

Periods Processing The processing of various levels of classified and unclassified information at distinctly different times. Under the concept of periods processing, the system must be purged of all information from one processing period before transitioning to the next.

Perishable Data Information whose value can decrease substantially during a specified time. A significant decrease in value occurs when the operational circumstances change to the extent that the information is no longer useful.

Permalink A "permanent link" to a particular posting in a blog. A permalink is a URL that points to a specific blog posting, rather than to the page in which the posting originally occurred (which may no longer contain the posting).

Permission Marketing When a person has given a merchant permission to send special offers.

Permuter Device used in cryptographic equipment to change the order in which the contents of a shift register are used in various nonlinear combining circuits.

Persistent Object An object that can survive the process that created it. A persistent object exists until it is explicitly deleted.

Personal Agent User Agent. An intelligent agent that takes action on the user's behalf.

Personal Computer A commonly used term that refers to a microcomputer. Often called a PC.

Personal Digital Assistant A small hand-held computer that helps surf the Web and perform simple tasks such as note taking, calendaring, appointment scheduling, and maintaining an address book.

Personal Finance Software Helps the user maintain a checkbook, prepare a budget, track investments, monitor credit card balances, and pay bills electronically.

Personal Firewall A utility on a computer that monitors network activity and blocks communications that are unauthorized.

Personal Identifying Information Personally Identifiable Information. The information that permits the identity of an individual to be directly or indirectly inferred.

Personal Identity Verification Accreditation The official management decision to authorize operation of a PIV Card Issuer after determining that the Issuer's reliability has satisfactorily been established through appropriate assessment and certification processes.

Personal Identity Verification Authorizing Official An individual who can act on behalf of an agency to authorize the issuance of a credential to an applicant.

Personal Identity Verification Issuer An authorized identity card creator that procures FIPS-approved blank identity cards, initializes them with appropriate software and data elements for the requested identity verification and access control application, personalizes the cards with the identity credentials of the authorized subjects, and delivers the personalized card to the authorized subjects along with appropriate instructions for protection and use.

Personal Identity Verification Registrar An entity that establishes and vouches for the identity of an applicant to a PIV Issuer. The PIV RA authenticates the applicant's identity by checking identity source documents and identity proofing, and ensures that a proper background check has been completed, before the credential is issued.

Personal Identity Verification Sponsor An individual who can act on behalf of a department or agency to request a PIV Card for an applicant.

Personal Information Personal data relating to an identifiable living individual.

Personal Productivity Software Helps the user perform personal tasks, such as writing a memo, creating a graph, and creating a slide presentation, that can usually be done even if the user does not own a computer.

Personalization When a Web site can know enough about the user's likes and dislikes that it can fashion offers that are more likely to appeal to the user.

Personally Identifiable Information Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc. Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Personnel Registration Manager The management role that is responsible for registering human users, i.e., users that are people.

Person-to-Person Payments Online payments using electronic messaging to invoke a transfer of value between the parties over existing proprietary networks as "on-us" transactions.

Pest Program Collective term for programs with deleterious and generally unanticipated side effects; for example, Trojan horses, logic bombs, letter bombs, viruses, and malicious worms.

PGP Pretty Good Privacy. PGP provides confidentiality and authentication services for electronic mail and file storage applications. Developed by Phil Zimmermann and distributed for free on the Internet. Widely used by the Internet technical community.

PGP Pretty Good Privacy. Public key cryptography software based on the RSA cryptographic method.

Pharming Pharming refers to an attempt by a hacker to redirect a website's traffic to another site, developed for the purpose of stealing information from users. Hackers can exploit vulnerabilities in either the hosts file on a personal computer or the domain name system (DNS) server software. DNS servers work to direct information on the internet, similar to a road map for traffic. Compromised DNS servers are referred to as "poisoned."


Phased Conversion The system installation procedure that involves a step-by-step approach for the incremental installation of one portion of a new system at a time.

PHB Pharmacy Benefits Manager.

PHI Protected health information, or personal health information.

Phishing An attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking or spoofing a specific, usually well-known brand, usually for financial gain. Phishers attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information, which they may then use to commit fraudulent acts.

Physical Layer The OSI layer that provides the means to activate and use physical connections for bit transmission. In plain terms, the physical layer provides the procedures for transferring a single bit across a physical medium, such as cables.

Physical Organization The packaging of data into fields, records, files, and other structures to make them accessible to a computer system.

Physical Security The measures used to provide physical protection of resources against deliberate and accidental threats.

Physically Isolated Network A network that is not connected to entities or systems outside a physically controlled space.

PIA Privacy Impact Assessment. An analysis of how information is handled (1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy, (2) to determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system, and (3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.

Piconet A small Bluetooth network created on an ad hoc basis that includes two or more devices.

PictureMarc A Digimarc application that embeds an imperceptible digital watermark within an image, allowing copyright communication, author recognition and electronic commerce. It is currently bundled with Adobe Photoshop.

PIDAS Perimeter Intrusion Detection Assessment System.

Piggyback Entry Unauthorized access to a computer system that is gained through another user's legitimate connection.

Piggybacking Entering secure premises by following an authorized person through the security grid; also unauthorized access to information by using a terminal that is already logged on with an authorized ID (identification).

PII Confidentiality Impact Level The PII confidentiality impact level (low, moderate, or high) indicates the potential harm that could result to the subject individuals and/or the organization if PII were inappropriately accessed, used, or disclosed.

PII Personal Identifiable Information; Personal Identifying Information.

PIN Personal Identification Number. An alphanumeric code or password used to authenticate an identity. A short numeric code used to confirm identity.

Ping Packet Internet groper, to check if a server is running; from the sound that a sonar system makes in movies, you know, when they are searching for a submarine.

PING Packet Internet Grouper. A program used to test reachability of destinations by sending them an ICMP echo request and waiting for a reply. The term is used as a verb: "Ping host X to see if it is up."

Piracy The unauthorized duplication of an original recording for commercial gain without the consent of the rightful owner; or the packaging of pirate copies that is different from the original. Pirate copies are often compilations, such as the "greatest hits" of a specific artist, or a genre collection, such as dance tracks.

Pirated Software The unauthorized use, duplication, distribution, or sale of copyrighted software.

PITs Privacy Invasive Technologies. Describes the many technologies that intrude into privacy. Among the host of examples are data-trail generation through the denial of anonymity, data-trail intensification (e.g., identified phones, stored-value cards, and intelligent transportation systems), data warehousing and data mining, stored biometrics, and imposed biometrics.

PIV Card Personal Identity Verification Card. Physical artifact (e.g., identity card, "smart" card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation, etc.) such that a claimed identity of the cardholder may be verified against the stored credentials by another person (human-readable and verifiable) or an automated process (computer-readable and verifiable).

PIV Personal Identity Verification. The process of creating and using a government-wide secure and reliable form of identification for federal employees and contractors, in support of HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors.

Pivot table Enables the user to group and summarize information.

Pixel Short for picture element, a pixel is a single point in a graphic image. It is the smallest thing that can be drawn on a computer screen. All computer graphics are made up of a grid of pixels. When these pixels are painted onto the screen, they form an image.

PKCS #1 Public Key Cryptography Standard #1. A standard from RSA Labs specifying how to use the RSA algorithm for encrypting and signing data.

PKCS #10 Describes a standard syntax for certification requests.

PKCS #11 Specifies a programming interface called Cryptoki for portable cryptographic devices of all kinds.

PKCS #3 Public Key Cryptography Standard #3. A standard from RSA Labs specifying how to implement the Diffie-Hellman key exchange protocol.

PKCS #5 Public Key Cryptography Standard #5. A standard from RSA Labs specifying how to derive cryptographic keys from a password.

PKCS #7 Public Key Cryptography Standard #7. A standard from RSA Labs specifying a generic syntax for data that may be encrypted or signed.

PKE Public Key Enabling. The incorporation of the use of certificates for security services such as authentication, confidentiality, data integrity, and non-repudiation.

PL/I Programming Language/I. A general-purpose, high-level language that combines business and scientific processing features. The language contains advanced features for experienced programmers yet can be easily learned by novice programmers.

Plain Text Clear text. A message before it has been encrypted or after it has been decrypted using a specific algorithm and key.

Plan Sponsor An entity that sponsors a health plan. This can be an employer, a union, or some other entity.

Planning Phase Involves determining a solid plan for developing an information system.

Platform Domain A security domain encompassing the operating system, the entities and operations it supports, and its security policy.

Platform Foundation upon which processes and systems are built and which can include hardware, software, firmware, etc.

Plotter A graphics output device in which the computer drives a pen that draws on paper.

PLP Packet Level Protocol (X.25).

Plug-in A (usually small) piece of software that adds features to a larger piece of software.

PMA Policy Management Authority. Body established to oversee the creation and update of Certificate Policies, review Certification Practice Statements, review the results of CA audits for policy compliance, evaluate non-domain policies for acceptance within the domain, and generally oversee and manage the PKI certificate policies. For the FBCA, the PMA is the Federal PKI Policy Authority.

PMAC The MAC portion of the OCB block cipher mode. It is a patented way of turning a block cipher into a secure, parallelizable MAC.

PMD Physical medium dependent.

PNA adapter card An expansion card that is put into the user's computer to act as a doorway for information flowing in and out.

PNG Portable Network Graphics. PNG is a graphics format specifically designed for use on the World Wide Web. PNG enables compression of images without any loss of quality, including high-resolution images. Another important feature of PNG is that anyone may create software that works with PNG images without paying any fees; the PNG standard is free of any licensing costs.

POA&M Plan of Action and Milestones. A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks, and scheduled completion dates for the milestones.

Pocket PC OS The operating system for the Pocket PC PDA.

Pocket PC A type of PDA that runs on Pocket PC OS, which used to be called Windows CE.

Pointer The address of a record (or other data grouping) contained in another record so that a program may access the former record when it has retrieved the latter record. The address can be absolute, relative, or symbolic, and hence the pointer is referred to as absolute, relative, or symbolic.

Pointing stick Small rubber-like pointing device that causes the pointer to move on the screen as the user applies directional pressure. Popular on notebooks.

Polarization The direction of the electric field, the same as the physical attitude of the antenna (e.g., a vertical antenna transmits a vertically polarized wave). The receive and transmit antennas need to possess the same polarization.

Policy Mapping Recognizing that, when a CA in one domain certifies a CA in another domain, a particular certificate policy in the second domain may be considered by the authority of the first domain to be equivalent (but not necessarily identical in all respects) to a particular certificate policy in the first domain.

Policy A policy is a rule or regulation within an organization pertaining to computing and management of information, which contributes to the overall security of the organization's files. A good security system starts with a well-structured security policy. Many breaches occur when companies fail to recognize this.

Polling A procedure by which a computer controller unit asks terminals and other peripheral devices in a serial fashion if they have any messages to send.

Polymorphism A request-handling mechanism that selects a method based on the type of target object. This allows the specification of one request that can result in invocation of different methods depending on the type of the target object. Most object-oriented languages support the selection of the appropriate method based on the class of the object (classical polymorphism). A few languages or systems support characteristics of the object, including values and user-defined defaults (generalized polymorphism).

POP Point of Presence. The point through which local internet users connect to their Internet Service Provider's (ISP) network, often through a modem or dedicated line. Two commonly used meanings: Point of Presence and Post Office Protocol. A Point of Presence usually means a city or location where a network can be connected to, often with dial-up phone lines. So if an Internet company says they will soon have a POP in Belgrade, it means that they will soon have a local phone number in Belgrade and/or a place where leased lines can connect to their network. A second meaning, Post Office Protocol, refers to a way that e-mail client software such as Eudora gets mail from a mail server. When you obtain an account from an Internet Service Provider (ISP) you almost always get a POP account with it, and it is this POP account that you tell your e-mail software to use to get your mail. Another protocol called IMAP is replacing POP for email.

Pop-up Ads An ad that appears in its own window when a user opens or closes a Web page.

Pop-up Blockers A type of privacy enhancing technology.

Pop-up Window Unsolicited advertising that appears in its own browser window.

Pop-up A browser window that opens in addition to the main window. Frequently contains bothersome advertising and may be difficult to get rid of. Pop-ups may open automatically without input from the user, and closing one may open several more unwanted windows.

Port Scanning A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.

Portal A Web site or service offering a broad array of resources and services, such as e-mail, search engines, subject directories, and forums.

Port A physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire).

Port A process or application-specific software element serving as a communication endpoint for the Transport Layer IP protocols (UDP and TCP).

Portability The ability to implement and execute software in one type of computing space and have it execute in a different computing space with little or no changes.

Portable Device A small, easily transportable computing device such as a smartphone, laptop or tablet computer.

Portable Document Format The standard electronic distribution file format for heavily formatted documents such as a presentation resume, because it retains the original document formatting.

Portable Electronic Device Any nonstationary electronic apparatus with singular or multiple capabilities of recording, storing, and/or transmitting data, voice, video, or photo images. This includes but is not limited to laptops, personal digital assistants, pocket personal computers, palmtops, MP3 players, cellular telephones, thumb drives, video cameras, and pagers.

Portable Mass Storage Media Includes but is not limited to plug-ins, Universal Serial Bus (USB) port devices, Compact Discs (CDs), Digital Versatile Discs (DVDs), flash drives and any other existing or future portable mass storage media.

Portal A high-level remote access architecture that is based on a server that offers teleworkers access to one or more applications through a single centralized interface.

Ports An interface point between the CPU and a peripheral device.

POS Point-of-Sale. Applications in which purchase transactions are captured in machine-readable form at the point of purchase.

Positive Control Material Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material, or devices.

Post Posting. To add a contribution to a forum, chat room, blog, web page, or social network profile, which is then accessible to others.

Postpay Billing Billing arrangement between the customer and operator/SvP in which the customer periodically receives a bill for service usage in the past period.

PostScript A language used to describe the printing of images and text and typically used with laser printing capability. Word processor or desktop publishing applications generate PostScript code for higher quality laser products.

Potential Impact The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect, a serious adverse effect, or a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. The loss of confidentiality, integrity, or availability that could be expected to have a limited (low) adverse effect, a serious (moderate) adverse effect, or a severe or catastrophic (high) adverse effect on organizational operations, organizational assets, or individuals.

POTS Plain Old Telephone Service. A wired telecommunications system.

PP Protection profile.

PPC Security Target evaluation, PP claims.

PPL Preferred Products List. A list of commercially produced equipment that meets TEMPEST and other requirements prescribed by the National Security Agency. This list is included in the NSA Information Systems Security Products and Services Catalogue, issued quarterly and available through the Government Printing Office.

PPO Preferred Provider Organization.

PPP Point to Point Protocol. The most common protocol used to connect home computers to the Internet over regular phone lines. Most well known as a protocol that allows a computer to use a regular telephone line and a modem to make TCP/IP connections and thus be really and truly on the Internet.

PPS Prospective Payment System.

PRA The Paperwork Reduction Act.

Practice Statement A formal statement of the practices followed by an authentication entity (e.g., RA, CSP, or Verifier). It usually describes the policies and practices of the parties and can become legally binding.

Precision Engagement The ability of joint forces to locate, surveil, discern, and track objectives or targets; select, organize, and use the correct systems; generate desired effects; assess results; and reengage with decisive speed and overwhelming operational tempo as required, throughout the full range of military operations.

Precomputation Attack Any attack that involves precomputing significant amounts of data in advance of opportunities to launch an attack. A dictionary attack is a common precomputation attack.

Precursor A sign that an attacker may be preparing to cause an incident.

Prediction Resistance Prediction resistance is provided relative to time T if there is assurance that an adversary who has knowledge of the internal state of the DRBG at some time prior to T would be unable to distinguish between observations of ideal random bit strings and bit strings output by the DRBG at or subsequent to time T. The complementary assurance is called Backtracking Resistance.

Predictive Modeling Predictive modelling is the process by which a model is created or chosen to try to best predict the probability of an outcome. In many cases the model is chosen on the basis of detection theory to try to guess the probability of a signal given a set amount of input data; for example, given an email, determining how likely it is that it is spam.
Predisposing Condition A condition that exists within an organization, a mission/business process, enterprise architecture, or information system including its environment of operation, which contributes to (i.e., increases or decreases) the likelihood that one or more threat events, once initiated, will result in undesirable consequences or adverse impact to organizational operations and assets, individuals, other organizations, or the Nation.

Preparedness The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents.

Prepay Billing Billing arrangement between the customer and operator/SvP in which the customer deposits an amount of money in advance, which is subsequently used to pay for service usage.

Preprocessors Software tools that perform preliminary work on a draft computer program before it is completely tested on the computer.

Preproduction Model Version of INFOSEC equipment employing standard parts and suitable for complete evaluation of form, design, and performance. Preproduction models are often referred to as beta models.

Presentation Layer The layer of the ISO Reference Model responsible for formatting and converting data to meet the requirements of the particular system being utilized.

Presentation Resume A format-sensitive document created in a word processor to outline job qualifications in one to two printed pages.

Presentation Software Helps create and edit information that will appear in electronic slides.

PRG Procedure-Related Group.

PRI Primary Rate Interface. Provides the same throughput as a T-1, 1.544 Mbps; has 23 B or bearer channels, which run at 64 kbps, and a D or data channel, which runs at 16 kbps.

Pricer Repricer. A person, an organization, or a software package that reviews procedures, diagnoses, fee schedules, and other data and determines the eligible amount for a given healthcare service or supply. Additional criteria can then be applied to determine the actual allowance, or payment, amount.

Primary Key An attribute that contains values that uniquely identify the record in which the key exists.

Primary Service An independent category of service such as operating system services, communication services and data management services. Each primary service provides a discrete set of functionality. Each primary service inherently includes generic qualities such as usability, manageability and security. Security services are therefore not primary services but are invoked as part of the provision of primary services by the primary service provider.

Prime number A natural number greater than 1 that can only be divided by 1 and itself.

Principal CA Principal Certification Authority. The Principal Certification Authority is a CA designated by an agency to interoperate with the FBCA. An agency may designate multiple Principal CAs to interoperate with the FBCA.

Principal An entity whose identity can be authenticated.

Principle of Least Privilege Principle of Least Access. A security procedure under which users are granted only the minimum access authorization they need to perform required tasks.

Print Suppress The elimination of the printing of characters to preserve their secrecy, for example, the characters of a password as they are keyed by a user at a terminal or station on the network.

Print Suppression Eliminating the display of characters in order to preserve their secrecy.


Printer Access Protocol PAP was the standard way of communicating with PostScript printers. It was built on top of ATP. When a PAP connection was opened, each end sent the other an ATP request which basically meant "send me more data". The client's response to the server was to send a block of PostScript code, while the server could respond with any diagnostic messages that might be generated as a result, after which another "send-more-data" request was sent. This use of ATP provided automatic flow control; each end could only send data to the other end if there was an outstanding ATP request to respond to. PAP also provided for out-of-band status queries, handled by separate ATP transactions. Even while it was busy servicing a print job from one client, a PAP server could continue to respond to status requests from any number of other clients. This allowed other Macintoshes on the LAN that were waiting to print to display status messages indicating that the printer was busy, and what the job was that it was busy with.

Privacy Law Laws which regulate the protection of confidential personal information stored in private records or disclosed to a professional. Also includes laws which regulate the gathering of electronic data in which personal information is accumulated or misappropriated.

Privacy Policy A statement concerning collection, storage, and use of personal information.

Privacy Protection The establishment of appropriate administrative, technical, and physical safeguards to protect the security and confidentiality of data records against anticipated threats or hazards that could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual about whom such information is maintained.

Privacy Seal An online seal awarded by one of multiple privacy certification vendors to Web sites that agree to post their privacy practices openly via privacy statements, as well as adhere to enforcement procedures that ensure that their privacy promises are met. When you click on the privacy seal, typically you're taken directly to the privacy statement of the certified Web site.

Privacy Statement A page or pages on a Web site that lay out its privacy policies, i.e. what personal information is collected by the site, how it will be used, whom it will be shared with, and whether you have the option to exercise control over how your information will be used.

Privacy System Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack.

Privacy Freedom from unauthorized intrusion or disclosure of information about an individual.

Private Key A cryptographic key used with a public key cryptographic algorithm, which is uniquely associated with an entity, and not made public; it is used to generate a digital signature; this key is mathematically linked with a corresponding public key; a cryptographic key, used with a public key cryptographic algorithm, that is uniquely associated with an entity and is not made public. In an asymmetric cryptography scheme, the private or secret key of a key pair which must be kept confidential and is used to decrypt messages encrypted with the public key or to digitally sign messages, which can then be validated with the public key.


Private Network A network established and operated by a private organization for the benefit of members of the organization.

Privilege Abuse Using computer system access privileges in an abusive manner. Examples include a system administrator accessing card data for malicious purposes, or someone stealing and using an administrator's elevated access privileges for malicious purposes.

Privilege Management The definition and management of policies and processes that define the ways in which the user is provided access rights to enterprise systems. It governs the management of the data that constitutes the user's privileges and other attributes, including the storage, organization and access to information in directories.

Privilege Separation A technique for trying to minimize the impact that a programming flaw can have, where operations requiring privilege are separated out into a small, independent component (hopefully audited with care). Generally, the component is implemented as an independent process, and it spawns off a non-privileged process to do most of the real work. The two processes keep open a communication link, speaking a simple protocol.

Privilege A right granted to an individual, a program, or a process.

Privileged Account An information system account with approved authorizations of a privileged user; an information system account with authorizations of a privileged user; individuals who have access to set access rights for users on a given system; sometimes referred to as system or network administrative accounts.


Privileged Command A human-initiated command executed on an information system involving the control, monitoring, or administration of the system including security functions and associated security-relevant information.

Privileged Instructions A set of instructions generally executable only when the computer system is operating in the executive state (e.g., while handling interrupts). These special instructions are typically designed to control such protection features as the storage protection features.

Privileged Process A computer process that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary processes are not authorized to perform.

Privileged User A user that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary users are not authorized to perform.

PRM Performance Reference Model. Framework for performance measurement providing common output measurements throughout the federal government. It allows agencies to better manage the business of government at a strategic level by providing a means for using an agency's EA to measure the success of information systems investments and their impact on strategic outcomes.

PRNG Pseudorandom Number Generator. An algorithm that produces a sequence of bits that are uniquely determined from an initial value called a seed. The output of the PRNG "appears" to be random, i.e., the output is statistically indistinguishable from random values. A cryptographic PRNG has the additional property that the output is unpredictable, given that the seed is not known.

PRO Professional Review Organization or Peer Review Organization.

Probe A technique that attempts to access a system to learn something about the system.

Problem Reporting The method of identifying, tracking, and assigning attributes to problems detected within the software product, deliverables, or within the development processes.

Problem Any deviation from predefined standards.


Procedural Language A computer programming language in which the programmer must determine the logical sequence of program execution as well as the processing required.

Procedure Division A section of a COBOL program that contains statements that direct computer processing operations.

Procedure View Contains all of the procedures within a system.

Procedure A document containing a detailed description of the steps necessary to perform specific operations in conformance with applicable standards. Procedures are defined as part of processes.

Process Description A narrative that describes in sequence the processing activities that take place in a computer system and the procedures for completing each activity.

Process A sequence of activities.

Processing Controls Techniques and methods used to ensure that processing produces correct results.

Processor The hardware unit containing the functions of memory and the central processing unit.

Product Certification Center A facility that certifies the technical security integrity of communications equipment. The equipment is handled and used within secure channels.

Production Model INFOSEC equipment in its final mechanical and electrical form.

Profile Filtering Requires that the user choose terms or enter keywords to provide a more personal picture of preferences.

Profiling Analyzing a program to determine how much time is spent in different parts of the program during execution.

Program Analyzers Software tools that modify or monitor the operation of an application program to allow information about its operating characteristics to be collected automatically.

Program Development Process The activities involved in developing computer programs, including problem analysis, program design, process design, program coding, debugging, and testing.

Program Maintenance The process of altering program code or instructions to meet new or changing requirements.

Program Manager The person ultimately responsible for the overall procurement, development, integration, modification, or operation and maintenance of the IS.

Programmer The individual who designs and develops computer programs.

Programmer/Analyst The individual who analyzes processing requirements and then designs and develops computer programs to direct processing.

Programming language A language with special syntax and style conventions for coding computer programs.

Programming Specifications The complete description of input, processing, output, and storage requirements necessary to code a computer program.


Project Manager An individual who is an expert in project planning and management, defines and develops the project plan, and tracks the plan to ensure all key project milestones are completed on time.

Project Milestone Key date by which a certain group of activities needs to be performed.

Project Plan Defines the what, when, and who questions of system development including all activities to be performed, the individuals or resources who will perform the activities, and the time required to complete each activity.

Project Scope Document A written definition of the project scope, usually no longer than a paragraph.

Project Scope Clearly defines the high-level system requirements.

Project Team A team designed to accomplish specific one-time goals, which is disbanded once the project is complete.

Prolog A language widely used in the field of artificial intelligence.

PROM Programmable Read-Only Memory. Computer memory chips that can be programmed permanently to carry out a defined process.

Promiscuous Mode A configuration setting for a network interface card that causes it to accept all incoming packets that it sees, regardless of their intended destinations.

Proof of Correctness The use of mathematical logic to infer that a relation between program variables assumed true at the program entry implies that another relation between program variables holds at program exit.

Proof-of-Concept Prototype A prototype used to prove the technical feasibility of a proposed system.

PROPIN Proprietary Information. Material and information relating to or associated with a company's products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that has been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the government or to the public without restriction from another source.

Protect To keep information systems away from intentional, unintentional, and natural threats: (1) preclude an adversary from gaining access to information for the purpose of destroying, corrupting, or manipulating such information; or (2) deny use of information systems to access, manipulate, and transmit mission-essential information.

Protection Philosophy Informal description of the overall design of an information system delineating each of the protection mechanisms employed. Combination of formal and informal techniques, appropriate to the evaluation class, used to show the mechanisms are adequate to enforce the security policy.


Protection Profile Common Criteria specification that represents an implementation-independent set of security requirements for a category of Targets of Evaluation (TOE) that meets specific consumer needs.

Protection Ring A hierarchy of access modes through which a computer system enforces the access rights granted to each user, program, and process, ensuring that each operates only within its authorized access mode.

Protection Schema An outline detailing the type of access users may have to a database or application system, given a user's need-to-know; e.g., read, write, modify, delete, create, execute, and append.

Protective Distribution System Wire line or fiber optic system that includes adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to permit its use for the transmission of unencrypted information.

Protective Layers Mechanisms for ensuring the integrity of systems or data.

Protective Packaging Packaging techniques for COMSEC material that discourage penetration, reveal that a penetration has occurred or was attempted, or inhibit viewing or copying of keying material prior to the time it is exposed for use.

Protective Technologies Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material.

Protocol Analyzer A data communications test set that enables a network engineer to observe bit patterns and simulate network elements.

Protocol Entity Entity that follows a set of rules and formats (semantic and syntactic) that determines the communication behavior of other entities.

Protocol A set of instructions required to initiate and maintain communication between sender and receiver devices.

Prototype A usable system or subcomponent that is built inexpensively or quickly with the intention of modifying or replacing it.

Proxy Agent A software application running on a firewall or on a dedicated proxy server that is capable of filtering a protocol and routing it between the interfaces of the device.

Proxy Server A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a connection to a remote destination on behalf of the user.

Proxy An application that breaks the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network, processes it, and forwards it. This effectively closes the straight path between the internal and external networks, making it more difficult for an attacker to obtain internal addresses and other details of the organization's internal network. Proxy servers are available for common Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used for email.

PRS Resource utilization, priority of service.


PRSN Primary Services Node. A Key Management Infrastructure core node that provides the users' central point of access to KMI products, services, and information.

PSDN Packet-Switched Data Network.

PSE Privacy, Pseudonymity.

Pseudocode Program processing specifications that can be prepared as structured English-like statements which can then be easily converted into source code.

Pseudoflaw An apparent loophole deliberately implanted in an operating system program as a trap for intruders.

Pseudonym A false name. (1) A subscriber name that has been chosen by the subscriber that is not verified as meaningful by identity proofing. (2) An assigned identity that is used to protect an individual's true identity.

Pseudonymity A word derived from 'pseudonym', meaning 'false name', is a state of disguised identity. Most pseudonym holders use them because they wish to remain anonymous. The term is most commonly used today to refer to identity on the internet; pseudonymity is often attempted through the use of an online avatar, or character, and/or user name to disguise a user's real identity.

PSK Phase Shift Keying.

PSN (1) Packet-Switched Network.

PSN (2) Product Source Node. The Key Management Infrastructure core node that provides central generation of cryptographic key material.

PSNP Partial Sequence Number PDU.

PSPDN Packet-switched public data network.

PSTN Public Switched Telephone Network. Refers to the local, long distance, and international phone system which we use every day. In some countries, it is a single phone company. In countries with competition, PSTN refers to the entire interconnected collection of local, long distance, and international phone companies, of which there could be thousands.

Psychographic Filtering Anticipates the user's preferences based on the answers given to a questionnaire.

PTC Provider Taxonomy Codes. An administrative code set for identifying the provider type and area of specialization for all healthcare providers. A given provider can have several Provider Taxonomy Codes. This code set is used in the X12 278 Referral Certification and Authorization and the X12 837 Claim transactions, and is maintained by the NUCC.


PTT Post, Telephone, and Telegraph.

Public Domain Software Software not protected by copyright laws of any nation that may be freely used without permission of, or payment to, the creator, and that carries no warranties from, or liabilities to, the creator.

Public Key Certificate A digital document issued and digitally signed by the private key of a Certificate Authority that binds the name of a Subscriber to a public key. The certificate indicates that the Subscriber identified in the certificate has sole control and access to the private key; a set of data that unambiguously identifies an entity, contains the entity's public key, and is digitally signed by a trusted third party (certification authority); a set of data that uniquely identifies an entity, contains the entity's public key, and is digitally signed by a trusted party, thereby binding the public key to the entity.

Public Key Cryptography Standards Public Key Cryptography Standards (PKCS) are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of Public-Key Cryptography.

Public Key Cryptography An asymmetric cryptosystem where the encrypting and decrypting keys are different and it is computationally infeasible to calculate one from the other, given the encrypting algorithm. In public key cryptography, the encrypting key is made public, but the decrypting key is kept secret.

Public Key Encryption Public Key Cryptography.

Public Key Infrastructure An architecture which is used to bind public keys to entities, enable other entities to verify public key bindings, revoke such bindings, and provide other services critical to managing public keys. A framework that is established to issue, maintain, and revoke public key certificates. A support service to the PIV system that provides the cryptographic keys needed to perform digital signature-based identity verification and to protect communications and storage of sensitive verification system data within identity cards and the verification system. The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of public key certificates. Components include the personnel, policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, recover, and revoke public key certificates.

Public Key A cryptographic key used with a public key cryptographic algorithm that is uniquely associated with an entity and that may be made public. A cryptographic key that may be widely published and is used to enable the operation of an asymmetric cryptography scheme. This key is mathematically linked with a corresponding private key. Typically, a public key can be used to encrypt, but not decrypt, or to validate a signature, but not to sign.

Public Network A network on which the organization competes for time with others.

Public Seed A starting value for a pseudorandom number generator. The value produced by the random number generator may be made public. The public seed is often called a salt.

Purge Rendering sanitized data unrecoverable by laboratory attack methods.


Purging The orderly review of storage and removal of inactive or obsolete data files.

Push Notification Messages and notifications that are sent to users of technology through a constantly open IP connection. Such messages may include badges, sounds or custom text alerts.

Push Technology An environment in which businesses and organizations come to the user with information, services, and product offerings based on the user profile.

PVC Permanent virtual circuit.

PWMA Primary Warfare Mission Area. A warfare mission area concerned with a specific, major phase or portion of naval warfare.

Python A widely used high-level, general-purpose, interpreted, dynamic programming language. Its design philosophy emphasizes code readability, and its syntax allows programmers to express concepts in fewer lines of code than would be possible in languages such as C++ or Java. The language provides constructs intended to enable clear programs on both a small and large scale.

QA Quality assurance.

QAM Quadrature Amplitude Modulation.

QBE Query-by-Example Tools. Helps the user graphically design the answer to a question.

QC Quality control.

QIR Qualified Integrator or Reseller.

QoS Quality of Service.

QSA Qualified Security Assessor. A company approved by the PCI Security Standards Council to validate an entity's adherence to PCI DSS requirements.

Quadrant Short name referring to technology that provides tamper-resistant protection to cryptographic equipment.

Qualitative Assessment Use of a set of methods, principles, or rules for assessing risk based on nonnumeric categories or levels.

Qualitative Inductive analytical approaches that are oriented toward relative, non-measurable, and subjective values, such as expert judgment.

Quality Assurance An overview process that entails planning and systematic actions to ensure that a project is following good quality management practices.

Quality Control Process by which product quality is compared with standards.

Quality of Service The measurable end-to-end performance properties of a network service, which can be guaranteed in advance by a Service-Level Agreement between a user and a service provider, so as to satisfy specific customer application requirements. These properties may include throughput (bandwidth), transit delay (latency), error rates, priority, security, packet loss, packet jitter, etc.

Quality The totality of features and characteristics of a product or service that bear on its ability to meet stated or implied needs.

Quantitative Assessment Use of a set of methods, principles, or rules for assessing risks based on the use of numbers where the meanings and proportionality of values are maintained inside and outside the context of the assessment.


Quantitative Deductive analytical approaches that are oriented toward the use of 


numbers or symbols to express a measurable quantity, such as MTTR. 


Quantitizing The systematic method of providing standard binary numbering to PAM 
samples for PCM conversion. 

Quarantine Store files containing malware in isolation for future disinfection or examination. 

Query and Reporting Tools Similar to QBE tools, SQL, and report generators in the typical database 
environment. 


Query Language A language that enables a user to interact indirectly with a DBMS to retrieve and possibly 
modify data held under the DBMS. 


Queue A waiting line in which a set of computer programs is in secondary storage awaiting processing.

R&D Research and Development. Addressing cyber security and information infrastructure protection.

RA Registration Authority. A trusted entity that establishes and vouches for the identity of a Subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).

Race Condition A class of error in environments that are multi-threaded or otherwise multi-tasking, where an operation is falsely assumed to be atomic. That is, if two operations overlap instead of being done sequentially, there is some risk of the resulting computation not being correct. There are many cases where such a condition can be security critical.

Radiation Field The radio frequency field that is created around the antenna and has specific properties that affect the signal transmission.

Radio Frequency Identification An automatic identification and data capture system comprising one or more readers and one or more tags in which data transfer is achieved by means of suitably modulated inductive or radiating electromagnetic carriers.

RADIUS Remote Authentication Dial-In User Service.

RAID Redundant Arrays of Inexpensive Disks. Instead of using one large disk to store data, you use many smaller disks (because they are cheaper). An approach to using many low-cost drives as a group to improve performance that also provides a degree of redundancy, making the chance of data loss remote.

Rain Attenuation Raindrop Absorption. The scattering of the microwave signal, which can cause signal loss in transmissions.

Rainbow Series A multi-volume set of publications on Information Assurance, Information Security and related topics. Published by the National Computer Security Center (NCSC) at the National Security Agency (NSA) in Fort Meade, MD. Each volume is published under a different color cover, hence the term "Rainbow" series.
Rainbow Tables A set of tools and techniques used for cracking MS Windows passwords.

RAM A type of computer memory that can be accessed randomly; that is, any byte of memory can be accessed without touching the preceding bytes. RAM is the most common type of memory found in computers and other devices, such as printers. There are two basic types of RAM: dynamic RAM (DRAM) and static RAM (SRAM).

Random Access A method that allows records to be read from and written to disk media without regard to the order of their record key.

Random Failure Failures that result from physical degradation over time and variability introduced during the manufacturing process.

Randomizer Analog or digital source of unpredictable, unbiased, and usually independent bits. Randomizers can be used for several different functions, including key generation or to provide a starting state for a key generator.

Randomness Randomness has both mathematical and colloquial definitions. Mathematically speaking, random outcomes are independent and equally likely to occur. Colloquially, random usually implies being unpredictable and/or unguessable. Random data is often tested with statistical tests that search for evidence to disprove the assertion that the data is random (e.g., patterns, cycles, bias). Data that is statistically random can be completely predictable. Thus it is usually insufficient to refer to "random data".

Range The distance a signal travels before it degrades and needs to be repeated.

Ranges Header Field Memory Exhaustion The vulnerability is due to an error while parsing the Ranges Header Field which causes the program to consume excessive resources. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server, causing it to become unresponsive.

Ransomware Ransomware is a category of malware that demands some form of compensation, a ransom, in return for data or functionality held hostage. For instance, ransomware might change proxy settings in a browser to limit web use, making it difficult to find a solution to remove a computer virus.

RAR Roshal Archive. A compressed file format similar in use to the more popular ZIP format. It is used to conserve storage and network resources and simplifies the movement of large sets of files. Optional encryption is available using the NIST Advanced Encryption Standard algorithm. Just as ZIP archives are created with software such as WinZip.

RARP Reverse Address Resolution Protocol. Protocol in the TCP/IP stack that provides a method for finding IP addresses based on MAC addresses. Compare with Address Resolution Protocol (ARP).

RAS Remote Access Service. Refers to any combination of hardware and software to enable remote access to tools or information that typically reside on a network of IT devices. Originally coined by Microsoft when referring to their built-in NT remote access tools, RAS was a service provided by Windows NT which allowed most of the services that would be available on a network to be accessed over a modem link. Over the years, many vendors have provided both hardware and software solutions to gain remote access to various types of networked information. In fact, most modern routers include a basic RAS capability that can be enabled for any dial-up interface.
Raster Image An image that is composed of small points of color data called pixels. Raster images allow the representation of complex shapes and colors in a relatively small file format. Photographs are represented using raster images.

RBAC Role-Based Access Control. A model for controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities. Access control based on user roles (i.e., a collection of access authorizations a user receives based on an explicit or implicit assumption of a given role). Role permissions may be inherited through a role hierarchy and typically reflect the permissions needed to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.

RBG Random Bit Generator. A device or algorithm that outputs a sequence of binary bits that appears to be statistically independent and unbiased. An RBG is either a DRBG or an NRBG.

RBOCs Regional Bell Operating Companies.

RC2 A block cipher with variable key sizes and 64-bit blocks.

RC4 A widely used stream cipher that is relatively fast but with some significant problems. One practical problem is that it has a weak key setup algorithm, though this problem can be mitigated with care. Another, more theoretical, problem is that RC4's output is easy to distinguish from a truly random stream of numbers. This problem indicates that RC4 is probably not a good long-term choice for data security.

RC5 A block cipher that has several tunable parameters.

RCP Remote Copy Protocol.

RCR Development, representation correspondence.

RCV Protection of the TSF, trusted recovery.

RDCO Regional Diplomatic Courier Officer. The RDCO oversees the operations of a regional diplomatic courier division.

RDF Resource Definition Framework. A set of rules (a sort of language) for creating descriptions of information, especially information available on the World Wide Web. RDF could be used to describe a collection of books, or artists, or a collection of web pages, as in the RSS data format, which uses RDF to create machine-readable summaries of web sites. RDF is also used in XPFE applications to define the relationships between different collections of elements; for example, RDF could be used to define the relationship between the data in a database and the way that data is displayed to a user.

RDP Remote Desktop Protocol. The communication protocol used to provide remote viewing and control of Microsoft Windows computers and applications.

Reaccreditation The official management decision to continue operating a previously accredited system.

Reach An aggregate measure of the degree to which information is shared.

React To respond to threat activity within information systems, when detected, and mitigate the consequences by taking appropriate action against incidents that threaten information and information systems.

Read Access Permission to read information in an information system.
Read Fundamental operation in an information system that results only in the flow of information from an object to a subject.

Reality The real world.

Real-Time Network Monitoring Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access.

Real-Time Processing Computer processing that generates output fast enough to support multiple activities being performed concurrently.

Real-Time Reaction A response to a penetration attempt that can prevent actual penetration because the attempt is detected and diagnosed in time.

Reassembly The process by which an IP datagram is "put back together" at the receiving host after having been fragmented in transit.

Recertification A reassessment of the technical and non-technical security features and other safeguards of a system made in support of the reaccreditation process.

Recipient Usage Period The period of time during the cryptoperiod of a symmetric key when protected information is processed.

Reciprocal Agreement Emergency processing agreement between two or more enterprises with similar equipment or applications. Typically, participants of a reciprocal agreement promise to provide processing time to each other when an emergency arises.

Reciprocity Mutual agreement among participating enterprises to accept each other's security assessments in order to reuse information system resources and/or to accept each other's assessed security posture in order to share information. Mutual agreement among participating organizations to accept each other's security assessments in order to reuse information system resources and/or to accept each other's assessed security posture in order to share information.

Recognition Capability to detect attacks as they occur and to evaluate the extent of damage and compromise.

Record Block A group or collection of records appearing between interblock gaps on magnetic storage media. This group of records is handled as a single entity in computer processing.

Record Blocking A technique of writing several records to magnetic storage media in between interblock gaps or spaces.

Record Material All books, papers, maps, photographs, or other documentary materials, regardless of physical form or characteristics, made or received by the U.S. government in connection with the transaction of public business and preserved or appropriated by an agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, or other activities of any agency of the government, or because of the informational data contained therein.

Records Management The process for tagging information for records-keeping requirements as mandated in the Federal Records Act and the National Archival and Records Requirements.

Records The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items). All books, papers, maps, photographs, machine-readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the United States government under federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the government or because of the informational value of the data in them.
Recovery Action Execution of a response or task according to a written procedure.

Recovery Procedures The actions necessary to restore a system's computational capability and data files after system failure or penetration.

Recovery The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.

Rectifier A diode designed to be placed in an alternating current circuit, used for converting AC to DC.

Recurring Decision A decision that you have to make repeatedly and often periodically, whether weekly, monthly, quarterly, or yearly.

Recurring Payment A billing method where merchants bill their customers repeatedly over time, such as for monthly memberships or subscriptions. A secure way to do this is for the acquirer/processor to tokenize the card data, which ensures its protection and relieves the merchant from this responsibility.

Recursion The definition of something in terms of itself. For example, a bill of material is usually defined in terms of itself.

Red Book Common name used to refer to the Network Interpretation of the TCSEC (Orange Book). Originally referred to in some circles as the "White Book."

Red Flags Rule A law requiring certain businesses and organizations, including doctors' offices, hospitals, finance companies, auto dealers, mortgage brokers, utilities, telecommunication companies, etc., to develop a written program to spot the warning signs of identity theft.

Red Forces Forces of countries considered unfriendly to the United States and her Allies.

Red Signal Any electronic emission (e.g., plain text, key, key stream, subkey stream, initial fill, or control signal) that would divulge national security information if recovered.

Red Team Exercise An exercise, reflecting real-world conditions, that is conducted as a simulated adversarial attempt to compromise organizational missions and/or business processes to provide a comprehensive assessment of the security capability of the information system and organization.

Red Team A group of people authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture. The Red Team's objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment.
Red (1) Designation applied to information systems, and associated areas, circuits, components, and equipment in which national security information is being processed. (2) In cryptographic systems, refers to information or messages that contain sensitive or classified information that is not encrypted.

Red-Black Concept Separation of electrical and electronic circuits, components, equipment, and systems that handle unencrypted information (Red), in electrical form, from those that handle encrypted information (Black) in the same form.

Red-Black Separation The requirement for physical spacing between "red" and "black" processing systems and their components, including signal and power lines.

Redundancy Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.

Redundant Control Capability Use of active or passive replacement, for example, throughout the network components (i.e., network nodes, connectivity, and control stations) to enhance reliability, reduce the threat of single points of failure, enhance survivability, and provide excess capacity.

Redundant Site A recovery strategy involving the duplication of key information technology components, including data, or other key business processes, whereby fast recovery can take place. The redundant site is usually located away from the original.

Reference Configuration A combination of functional groups and reference points that shows possible network arrangements.

Reference Implementation Standards-based software code that was successfully executed and is now used as a reference point for new implementations of an encryption or other standard.

Reference Monitor (1) An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects. (2) A system component that mediates usage of all objects by all subjects, enforcing the intended access controls.

Referential Attributes The facts that tie an instance of one object to an instance of another object.

Referential Integrity The assurance that an object handle identifies a single object. The facility of a DBMS that ensures the validity of predefined relationships.

Referrer Field The referrer header field (mistakenly spelled "referer" in the HTTP standard) is a unit of information that contains the URL of the site you are currently in. The referrer header field is sent automatically to any site you are about to visit when clicking a link. Referrer headers allow reading patterns to be studied and reverse links drawn. The address of the page might contain privacy information (such as your name or e-mail address), or might reveal personal interests that you would rather keep private.

Reflections When the microwave signal traverses a body of water or fog bank and causes multipath conditions.

Registered Ports Ports 1024 through 49151. Listed by the IANA and, on most systems, can be used by ordinary user processes or programs executed by ordinary users.

Registration The process through which a party applies to become a subscriber of a Credentials Service Provider (CSP) and a Registration Authority validates the identity of that party on behalf of the CSP. The process through which an Applicant applies to become a Subscriber of a CSP and an RA validates the identity of the Applicant on behalf of the CSP.
Regression Testing The rerunning of test cases that a program has previously executed correctly to detect errors created during software correction or modification. Tests used to verify a previously tested system whenever it is modified.

Regulation Rules or laws defined and enforced by an authority to regulate conduct.

Regulatory Requirements Rules or laws that regulate conduct and that the enterprise must obey to become compliant.

Rekey To change the value of a cryptographic key that is being used in a cryptographic system.

Rekeying Changing a key in a cryptographic system.

Related Key Attack A class of cryptographic attack where one takes advantage of known relationships between keys to expose information about the keys or the messages those keys are protecting.

Relation Describes each two-dimensional table or file in the relational model (hence its name, relational database model).

Relational Database In a relational database, data is organized in two-dimensional tables or relations.

Relay Attack An attack in which the adversary forwards the request of, for example, a card reader to the victim and relays the victim's answer back to the card reader in real time, in order to carry out a task while pretending to be the owner of the victim's smart card, for example.

Release Prefix Prefix appended to the short title of U.S.-produced keying material to indicate its foreign releasability. "A" designates material that is releasable to specific allied nations, and "U.S." designates material intended exclusively for U.S. use.

Relevance Related to the matter at hand; directly bearing upon the current matter.

Reliability Critical A term applied to any condition, event, process, or item whose recognition, control, performance or tolerance is essential to reliable system operation or support.

Reliability The probability that a system or service will perform in a satisfactory manner for a given period of time when used under specific operating conditions.

RELURL One of two basic kinds of uniform resource identifiers (URIs). It is a string of characters that gives a resource's file name (such as parking.html) but does not specify its type or exact location.

Relying Party An entity that relies upon the subscriber's credentials, typically to process a transaction or grant access to information or a system. Also, an entity that relies upon a Verifier's assertion of a Claimant's identity, typically to process a transaction or grant access to information or a system.

Relying Third Party The entity, such as a merchant, offering goods or services online that will receive a certificate as part of a process of completing transactions with the user.

Remanence Residual information remaining on storage media after clearing.
Remediation Plan A plan to perform the remediation of one or more threats or vulnerabilities facing an organization's systems. The plan typically includes options to remove threats and vulnerabilities and priorities for performing the remediation.

Remediation The act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application.

Remote Access Tool A piece of software used to remotely access or control a computer. This tool can be used legitimately by system administrators for accessing client computers. Remote access tools, when used for malicious purposes, are known as Remote Access Trojans (RATs). They can be used by a malicious user to control the system without the knowledge of the victim. Most of the popular RATs are capable of performing key logging, screen and camera capture, file access, code execution, registry management, password sniffing, etc.

Remote Access Access to an organizational information system by a user (or an information system acting on behalf of a user) communicating through an external network (e.g., the Internet). Access by users (or information systems) communicating external to an information system security perimeter. The ability for an organization's users to access its nonpublic computing resources from external locations other than the organization's facilities. Access to an organization's nonpublic information system by an authorized user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet).

Remote Authentication Dial-In User Service (1) Database for authenticating modem and ISDN connections and for tracking connection time. (2) A protocol used to authenticate remote users and wireless connections.

Remote Deposit Captures (RDC) A service that enables users at remote locations to scan digital images of checks and transmit the captured data to a financial institution or a merchant that is a customer of a financial institution.

Remote Diagnostic Facility An off-premise diagnostic, maintenance, and programming facility authorized to perform functions on the Department computerized telephone system via an external network trunk connection.

Remote Maintenance Maintenance activities conducted by individuals communicating external to an information system security perimeter. Maintenance activities conducted by individuals communicating through an external network (e.g., the Internet).

Remote Rekeying Procedure by which a distant crypto-equipment is rekeyed electrically.

Remote Work A work site has traditionally referred to a permanent space assigned to you within a building owned or leased by the County. The expansion of mobile computing and advanced communications increasingly empowers employees to perform their duties from field locations or work remotely. Remote tools include a secure VPN via a 3G/4G/5G connection for staff with County notebooks.

Removable Media Portable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples include hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar USB storage devices. Portable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device, and that is used to store text, video, audio, and image information. Examples include hard disks, floppy disks, zip drives, compact disks, thumb drives, pen drives, and similar USB storage devices.
Renew (a certificate) The act or process of extending the validity of the data binding asserted by a public key certificate by issuing a new certificate.

Repair Action NSA-approved change to a COMSEC end-item that does not affect the original characteristics of the end-item and is provided for optional application by holders. Repair actions are limited to minor electrical and/or mechanical improvements to enhance operation, maintenance, or reliability. They do not require an identification label, marking, or control but must be fully documented by changes to the maintenance manual.

Repeater A device that propagates electrical signals from one cable to another without making routing decisions or providing packet filtering. In OSI terminology, a repeater is a physical layer intermediate system.

Repeaters A physical layer device that regenerates and propagates electrical signals between two network segments. Repeaters receive signals from one network segment and amplify (regenerate) the signal to compensate for signals (analog or digital) distorted by transmission loss due to reduction of signal strength during transmission (i.e., attenuation).

Replay Attacks An attack that involves the capture of transmitted authentication or access control information and its subsequent retransmission with the intent of producing an unauthorized effect or gaining unauthorized access.

Replay (1) A type of security threat that occurs when an exchange is captured and resent at a later time to confuse the original recipients. (2) The ability to copy a message or stream of messages between two parties and replay (retransmit) them to one or more of the parties.

Replication The process of keeping a copy of data through either shadowing or caching.

Report Writing The process of accessing data from files and generating it as information in the form of output.

Report Printed or displayed output that communicates the content of files and other activities. The output is typically organized and easily read.

Reporting Systems A system which individuals can use to report incidences of bullying and other abuse or incidents safely and confidentially and be sure they will be addressed promptly and effectively.

Repository A database containing information and data relating to certificates as specified in a CP; may also be referred to as a directory.
Repudiation Denying that you did something, or sent some message.

REQ (1) Protection Profile evaluation, IT security requirements. (2) Security Target evaluation, IT security requirements.

Requirement Definition Document Defines all of the business requirements, prioritizes them in order of business importance, and places them in a formal comprehensive document.

Reseller / Integrator An entity that sells and/or integrates payment applications but does not develop them.

Xingan Li & Peilin Li

Reserve Keying Material Key held to satisfy unplanned needs.

Residual Risk The remaining potential risk after all IT security measures are applied. There is a residual risk associated with each threat. Portion of risk remaining after security measures have been applied.

Residue Data left in storage after information-processing operations are complete, but before degaussing or overwriting has taken place.

Resilience Testing Testing of an institution's business continuity and disaster recovery resumption plans.

Resilience The ability to quickly adapt and recover from any known or unknown changes to the environment through holistic implementation of risk management, contingency, and continuity planning. The ability to continue to (1) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover to an effective operational posture in a time frame consistent with mission needs.

Resistance (1) The opposition to the flow of electric charge; it is generally a function of the number of free electrons available to conduct the electric current. (2) Capability of a system to repel attacks.

Resistor A component made of a material that has a specified resistance or opposition to the flow of electrical current. A resistor is designed to oppose but not completely obstruct the passage of electrical current.

Resolution of a Printer The number of dots per inch (dpi) a printer produces, which is the same principle as the resolution in a monitor.

Resolution of a Screen The number of pixels a screen has. Pixels (picture elements) are the dots that make up an image on the screen.

Resonant Frequency The frequency where inductive reactance equals capacitive reactance. Helps to define the maximum current or maximum voltage in a circuit.

Resource Encapsulation Method by which the reference monitor mediates accesses to an information system resource. The resource is protected and not directly accessible by a subject. Satisfies the requirement for accurate auditing of resource usage.

Resource Sharing In a computer system, the concurrent use of a resource by more than one user, job, or program.

Resource In a computer system, any function, device, or data collection that can be allocated to users or programs.

Responder The entity that responds to the initiator of the authentication exchange.

Response The activities that address the short-term, direct effects of an incident and may also support short-term recovery. In cybersecurity, response encompasses both automated and manual activities.
Responsibility to Provide An information distribution approach whereby relevant essential information is made readily available and discoverable to the broadest possible pool of potential users.

Responsible Individual A trustworthy person designated by a sponsoring organization to authenticate individual applicants seeking certificates on the basis of their affiliation with the sponsor.

Restore The recovery of data following computer failure or loss.
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Restricted Area A specifically designated and posted area in which classified information or material is 
located or in which sensitive functions are performed, access to which is controlled and to which only 


authorized personnel are admitted. 


Restricted Data All data concerning (1) design, manufacture, or utilization of atomic weapons; (2) the 
production of special nuclear material; or (3) the use of special nuclear material in the production of energy, 
but shall not include data declassified or removed from the Restricted Data category pursuant to Section 142 
[of the Atomic Energy Act of 1954]. 


Result of Interception Information relating to a target service, including the CC and IRI, which is 
passed by an NW0O/AP/SvP to an LEA. IRI shall be ptovided whether or not call activity is taking place. 


Retention Rules/ Requirements The length of time a public record must be retained in accordance with 


Oregon Public Record Laws. 


Return-Oriented Attacks An exploit technique in which the attacker uses control of the call stack to 
indirectly execute cherry-picked machine instructions immediately prior to the return instruction in 


subroutines within the existing program code. 


REV Security management, revocation. 
Revocation In the context of Public Key Infrastructure, the act of voiding a digital certificate. 
Revoke a Certificate To prematurely end the operational period of a certificate effective at a 


specific date and time. 


RF Shielding The application of materials to surfaces of a building, room, or a room 
within a room, that makes the surface largely impervious to electromagnetic energy. As a technical security 
countermeasure, it is used to contain or dissipate emanations from information processing equipment, and to 


prevent interference by externally generated energy. 


RFC Request for Comments. The document series, begun in 1969, that describes the Internet 
suite of protocols and related experiments. Not all (in fact, very few) RFCs describe Internet standards, but all 


Internet standards are written up as RFCs. 
RFI Radio Frequency Interference. 


RFID Radio Frequency Identification. A form of automatic identification and data capture (AIDC) 
that uses electric or magnetic fields at radio frequencies to transmit information. 


RFP Request for Proposal. A formal document that describes in detail logical requirements for a 
proposed system and invites outsourcing organizations (vendors) to submit bids for its development. 


RFS Remote File System. A distributed file system, similar to NFS, developed by AT&T and 
distributed with their UNIX System V operating system. 

RGB Red, Green, Blue. Refers to a system for representing the colors to be used on a computer 
display. 

Richness Defined by three aspects of the information itself: bandwidth (the amount of 
information), the degree to which the information is customized, and interactivity (the extent of two-way 
communication). 
Rijndael Cryptographic algorithm specified in the Advanced Encryption Standard (AES). 

Ring Side The side of the cable pair that when measured will read -48 V DC. 

RIP Routing Information Protocol. User data protection residual information protection. 

RISC (1) Reduced Instruction Set Computer. 

RISC (2) Reduced Instruction Set Computing. A method of processing by which the set of 
instructions available to the computer is a subset of that found on conventional computers. 


Risk Acceptance If the risk is within the enterprise's risk tolerance or if the cost of otherwise mitigating the 
risk is higher than the potential loss, the enterprise can assume the risk and absorb any losses. 


Risk Analysis Risk assessment. The process of identifying the risks to system security and determining the 
likelihood of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of 
risk management. Examination of information to identify the risk to an information system. 


Risk Assessment Methodology A risk assessment process, together with a risk model, assessment approach, 
and analysis approach. 


Risk Assessment Report The report which contains the results of performing a risk assessment or 
the formal output from the process of assessing risk. 


Risk Assessment The process of identifying risks to organizational operations (including mission, functions, 
image, or reputation), organizational assets, individuals, other organizations, and the Nation, arising through 
the operation of an information system; Part of risk management, incorporates threat and vulnerability 
analyses and considers mitigations provided by security controls planned or in place. 
Risk Assessor The individual, group, or organization responsible for conducting a risk assessment. 
Risk Avoidance The process for systematically avoiding risk, constituting one approach to managing risk. 


Risk Control Techniques that are employed to eliminate, reduce, or mitigate risk, such as inherent safe and 
secure (re)design techniques/features, alerts, warnings, operational procedures, instructions for use, training, 
and contingency plans. 


Risk Evaluation Process to compare the results of risk analyses with risk criteria to find out if the risk level is 
acceptable. 


Risk Executive An individual or group within an organization that helps to ensure that (1) security risk- 
related considerations for individual information systems, to include the authorization decisions for those 
systems, are viewed from an organization-wide perspective with regard to the overall strategic goals and 
objectives of the organization in carrying out its missions and business functions; and (2) managing risk from 
individual information systems is consistent across the organization, reflects organizational risk tolerance, and 
is considered along with other organizational risks affecting mission/business success. 


Risk Exposure The exposure to loss presented to an organization or individual by a risk; the product of the 
likelihood that the risk will occur and the magnitude of the consequences of its occurrence. 


Risk Index The disparity between the minimum clearance or authorization of system users and the 
maximum sensitivity (e.g., classification and categories) of data processed by a system. 


Risk Management Framework A structured approach used to oversee and manage risk for an enterprise. 
Risk Management The process of identifying, analyzing, assessing, and communicating risk 
and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and 
benefits of any actions taken. Includes: (1) conducting a risk assessment; (2) implementing strategies to 
mitigate risks; (3) continuous monitoring of risk over time; and (4) documenting the overall risk management 
program. 


Risk Mitigation Prioritizing, evaluating, and implementing the appropriate risk-reducing 
controls/countermeasures recommended from the risk management process. 


Risk Model A key component of a risk assessment methodology (in addition to assessment approach and 
analysis approach) that defines key terms and assessable risk factors. 


Risk Modeling The creation of a model to estimate risk exposure, policy option efficacy and cost-benefit 
analysis of a particular threat and solution. 


Risk Monitoring Maintaining ongoing awareness of an organization's risk environment, risk management 
program, and associated activities to support risk decisions. 


Risk Reduction The implementation of controls or countermeasures to reduce the likelihood or impact of a 
risk to a level within the organization's risk tolerance. 
Risk Response Measure A specific action taken to respond to an identified risk. 


Risk Response Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations (i.e., 
mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation. 


Risk Tolerance The level of risk an entity is willing to assume in order to achieve a potential desired result; 
the defined impacts to an enterprise's information systems that an entity is willing to accept. 


Risk Transfer The process of assigning risk to another enterprise, usually through the purchase of an 
insurance policy or by outsourcing the service. 
Risk Treatment The process of selection and implementation of measures to modify risk. 


Risk The level of impact on organizational operations (including mission, functions, image, or 
reputation), organizational assets, or individuals resulting from the operation of an information system given 
the potential impact of a threat and the likelihood of that threat occurring; The level of impact on 
organizational operations (including mission, functions, image, or reputation), organizational assets, 
individuals, other organizations, or the Nation resulting from the operation of an information system given the 
potential impact of a threat and the likelihood of that threat occurring. 


Risk-Based Data Management A structured approach to managing risks to data and information by which 
an organization selects and applies appropriate security controls in compliance with policy and commensurate 
with the sensitivity and value of the data. 

RJE Remote Job Entry. 


Rlogin Remote login. A UNIX utility that allows a user to login to a remote host on a network, as 
if it were directly connected, and make use of various services. Remote login is an information exchange 
between network-connected devices where the information cannot be reliably protected end-to-end by a single 
organization's security controls. 


RLP Remote Location Protocol. 
RMON Remote Monitoring. 


RNG Random Number Generator. A process used to generate an unpredictable series of numbers. 
Each individual value is called random if each of the values in the total population of values has an equal 
probability of being selected; RNGs used for cryptographic applications typically produce a sequence of zero 
and one bits that may be combined into sub-sequences or blocks of random numbers. There are two basic 
classes: deterministic and nondeterministic. A deterministic RNG consists of an algorithm that produces a 
sequence of bits from an initial value called a seed. A nondeterministic RNG produces output that is 
dependent on some unpredictable physical source that is outside human control. 


Robot A mechanical device equipped with simulated human senses and the capability of taking 
action on its own. 
Robotics The use of automated equipment for production work and other mechanical tasks. 


Robust Watermark A watermark that is very resistant to destruction under any image 
manipulation. This is useful in verifying ownership of an image suspected of misappropriation. Digital 
detection of the watermark would indicate the source of the image. 


Robustness The ability of an Information Assurance entity to operate correctly and reliably across a wide 
range of operational conditions, and to fail gracefully outside of that operational range. 


ROE Rules of Engagement. Detailed guidelines and constraints regarding the execution of 
information security testing. The ROE is established before the start of a security test, and gives the test team 
authority to conduct defined activities without the need for additional permissions. 
Rogue Device An unauthorized node on a network. 


Rogue Security Software Rogue security software, or "scareware," masquerades as genuine security 
software, while in actuality reporting incorrect results of fake malware scans. Most people are tricked into 
installing rogue security software when a pop-up window appears on their screen informing them that their 
computer may be infected, or as a result of SEO poisoning. 
Rogue Wireless Access An unauthorized wireless node on a network. 


ROI Return on Investment. A measure of operating performance and efficiency, computed in its 
simplest form by dividing net income by the total investment over the period being considered. 


Role A group attribute that ties membership to function. When an entity assumes a role, the 
entity is given certain rights that belong to that role. When the entity leaves the role, those rights are removed. 
The rights given are consistent with the functionality that the entity needs to perform the expected tasks. 


Role-Based When mapped to job function, assumes that a person will take on different roles, over time, 
within an organization and different responsibilities in relation to IT systems. 


Roles and responsibilities Functions performed by someone in a specific situation and obligations to 
tasks or duties for which that person is accountable. 
Rollback Attack An attack where one forces communicating parties to agree on an insecure protocol version. 


Rollback (1) Restoration of a system to its former condition after it has switched to a fallback mode 
of operation when the cause of the fallback has been removed. (2) The restoration of the database to an 
original position or condition often after major damage to the physical medium. (3) The restoration of the 
information processing facility or other related assets following physical destruction or damage. 


ROM Read-Only Memory. Computer memory chips with preprogrammed circuits for storing such 
software as word processors and spreadsheets. 


Root Cause Analysis A principle-based, systems approach for the identification of underlying 
causes associated with a particular set of risks. It is a process of diagnosis to establish the origins of events, 
which can be used for learning from consequences, typically from errors and problems. 


Root Cause Underlying cause(s), event(s), conditions, or actions that individually or in combination led 
to the accident/incident; primary precursor event(s) that have the potential for being corrected. 


Root Certificate A certificate that is intrinsically trusted by entities in a Public Key Infrastructure and 
generally should be transported over a secure medium. Root certificates belong to a Certification Authority 
and are used to sign other certificates that are deemed to be valid. When a system tries to establish the validity 
of a certificate, one of the first things that should happen is that it should look for a chain of trust to a known, 
trusted root certificate. That is, if the certificate to be validated is not signed by a root, one checks the 
certificate(s) used to sign it to determine if those were signed by a root cert. 


Root Refers to the most privileged access possible on a computer system. With root access, one 
can create, delete (or corrupt) anything on the system. 


Rootkits (1) User-level rootkits. Programs that "infect" program files that are executed by the user 
and run under the user account's privileges (for example, the Explorer.exe or Word.exe program). (2) Kernel- 
level rootkits. Programs that "infect" functions belonging to the operating system kernel (i.e., the core 
Windows operating system) and are used by hundreds of applications (including the Windows API). Kernel- 
mode rootkits will modify (i.e., hijack) internal operating system functions that return lists of files, processes, 
and open ports. 


Roots A slang term for networks that have been hacked into by criminal hackers. Derives from the 
deep, or root, access that system administrators typically enjoy on a network or computer. The login details to 
get root access are often sold to spammers and phishing gangs who then use these networks to send out 
millions of e-mail messages. 


Rotary Dialing Or Pulse Dialing. The circular telephone dial. As it returns to its normal position, it opens 
and closes the electrical loop sent by the central office. Rotary dial telephones momentarily break the DC 
circuit to represent the digits dialed. 


Round Key Round keys are values derived from the Cipher Key using the Key Expansion routine; they 
are applied to the State in the Cipher and Inverse Cipher. 


Round In a block cipher, a group of operations applied as a unit that has an inverse that undoes the 
operation. Most block ciphers define a round operation and then apply that round operation numerous times 
though often applying a different key for each round, where the round key is somehow derived from the base 
key. 


Router (1) A system responsible for making decisions about which of several paths network (or 
Internet) traffic will follow. To do this, it uses a routing protocol to gain information about the network, and 
algorithms to choose the best route based on several criteria known as "routing metrics." (2) A network node 
connected to two or more networks. It is used to send data from one network (such as 137.13.45.0) to a 
second network (such as 43.24.56.0). The networks could both use Ethernet, or one could be Ethernet and 
the other could be ATM (or some other networking technology). As long as both speak common protocols 
(such as the TCP/IP protocol suite), they can communicate. 


RPC Remote Procedure Call. An easy and popular paradigm for implementing the client/server 
model of distributed computing. A request is sent to a remote system to execute a designated procedure, using 
arguments supplied, and the result returned to the caller. 


RPG Report Program Generator. A nonprocedural programming language used for many business 
applications. 

RPL Protection of the TSF; replay detection. 

RPO Recovery Point Objective. A measurement of the point prior to an outage to which data are 
to be restored. 


RSA A public key cryptosystem developed by Rivest, Shamir and Adleman. The RSA has two 
different keys, the public encryption key and the secret decryption key. The strength of the RSA depends on 
the difficulty of the prime number factorization. For applications with high-level security, the number of the 
decryption key bits should be greater than 512 bits. RSA is used for both encryption and digital signatures. 


RSASSA-PSS A padding standard defined in PKCS #1, used for padding data prior to RSA signing 
operations. 


RSN Robust Security Network. A wireless security network that only allows the creation 
of Robust Security Network Associations (RSNAs). 


RSNA Robust Security Network Association. A logical connection between communicating IEEE 
802.11 entities established through the IEEE 802.11i key management scheme, also known as the four-way 
handshake. 


RSS Really Simple Syndication. An internet-based technology that allows the distribution of 
Web content through an RSS reader. Using RSS, news articles, press releases, and other content can be 
gathered together and distributed via news feeds on an RSS server connected to the internet. 
RTFM Read the “fine” manual. 


RTMP Routing Table Maintenance Protocol. The protocol by which routers kept each other 
informed about the topology of the network. This was the only part of AppleTalk that required periodic 
unsolicited broadcasts: every 10 seconds, each router had to send out a list of all the network numbers it knew 
about and how far away it thought they were. 


RTO Recovery Time Objective. The amount of time allowed for the recovery of a business 
function or resource after a disaster occurs. 
RTP Real-Time Transport Protocol. 
RTSP Real Time Streaming Protocol. An official Internet standard (RFC 2326) for delivering and 
receiving streams of data such as audio and video. The standard allows for both real-time ("live") streams of 
data and streams from stored data. 


Rule Based Expert The type of expert system that expresses the problem-solving process as 
rules. 
Rule Set A table of instructions used by a controlled interface to determine what data is allowable and 
how the data is handled between interconnected systems. A set of directives that govern the access control 
functionality of a firewall. The firewall uses these directives to determine how packets should be routed 
between its interfaces. 


Rule-Based Security Policy A security policy based on global rules imposed for all subjects. These 
rules usually rely on a comparison of the sensitivity of the objects being accessed and the possession of 
corresponding attributes by the subjects requesting access; A security policy based on global rules imposed for 
all subjects. These rules usually rely on a comparison of the sensitivity of the objects being accessed and the 
possession of corresponding attributes by the subjects requesting access. Also known as discretionary access 
control (DAC). 


Rules of Behavior The rules that have been established and implemented concerning use of, security in, and 
acceptable level of risk for the system. Rules will clearly delineate responsibilities and expected behavior of all 
individuals with access to the system. Rules should cover such matters as working at home, dial-in access, 
connection to the Internet, use of copyrighted works, unofficial use of federal government equipment, the 
assignment and limitation of system privileges, and individual accountability. 


Ruleset A table of instructions used by a controlled interface to determine what data is allowable and 
how the data is handled between interconnected systems. A set of directives that govern the access control 
functionality of a firewall. The firewall uses these directives to determine how packets should be routed 
between its interfaces. 


RVM Protection of the TSF, reference mediation. 

RVS Relative Value Scale. 

S/Key A popular one-time password system. 

S/MIME Secure/Multipurpose Internet Mail Extensions. A set of specifications for securing 
electronic mail. S/MIME is based upon the widely used MIME standard [MIME] and describes a protocol 
for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted 
objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message 
integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing 
lists, and an extended method of identifying the signer's certificate(s). 


SA (1) Source Address. 

SA (2) Security Association. 

SAA Security audit analysis. 

SaaS Software as a Service. Offers the capability to use the provider's applications running on 
cloud infrastructure. The applications are accessible from various client devices through a thin client interface 
such as a web browser (e.g., web-based e-mail). 


SABM Set asynchronous balanced mode. 
SABME Set asynchronous balanced mode extended. 
Sabotage The word comes from the French for wooden shoe (sabot). Such footwear made a handy 
weapon for throwing into the gears of new mechanical systems that were causing unemployment during the 
industrial revolution of the 18th and 19th centuries. The term now means any deliberate damage to operations 
or equipment. 


SACL System Access Control List. In Windows, the part of an ACL that determines audit logging 
policy. 

SAE Security management, security attribute expiration. 

Safe Harbor Principles The set of rules to which U.S. businesses that want to trade with the European 

Safeguard A practice, procedure or mechanism that reduces risk. 

Safeguarding Statement Statement affixed to a computer output or printout that states the highest 
classification being processed at the time the product was produced and requires control of the product, at that 
level, until determination of the true classification by an authorized individual. 


Safeguards Protective measures prescribed to meet the security requirements (i.e., confidentiality, 
integrity, and availability) specified for an information system. Safeguards may include security features, 
management constraints, personnel security, and security of physical structures, areas, and devices. 


Safety Integrity Level An indicator of the required level of safety integrity; the level of safety 
integrity that must be achieved and demonstrated. 


Safety Integrity (1) The likelihood of a safety-related system, function, or component achieving its required 
safety features under all stated conditions within a stated measure of use. (2) The probability of a safety- 
related system satisfactorily performing the required safety functions under all stated conditions within a stated 
period of time. 


Safety Kernel An independent computer program that monitors the state of the system to determine when 
potentially unsafe system states may occur or when transitions to potentially unsafe system states may occur. A 
safety kernel is designed to prevent a system from entering an unsafe state and retaining or returning it to a 
known safe state. 


Safety-Critical Software Software that performs or controls functions which, if executed 
erroneously or if they failed to execute properly, could directly inflict serious injury to people, property, or the 
environment or cause loss of life. 


Safety-Critical A term applied to any condition, event, operation, process, or item whose proper recognition, 
control, performance, or tolerance is essential to safe system operation and support (such as a safety-critical 
function, safety-critical path, or safety-critical component). 


Safety-Related Software Software that performs or controls functions that are activated to prevent 
or minimize the effect of a failure of a safety-critical system. 


SAISO Senior Agency Information Security Officer. Official responsible for carrying out the Chief 
Information Officer responsibilities under the Federal Information Security Management Act (FISMA) and 
serving as the Chief Information Officer's primary liaison to the agency's authorizing officials, information 
system owners, and information system security officers. 
Salami Theft technique of accumulating round-off errors or other small quantities in calculations and 
saving them up for later withdrawal; usually applied to money, although it can be part of an inventory-theft 
scheme (for example). 
Sales Force Automation (SFA) System Automatically tracks all of the steps in the sales process. 


Salt A non-secret value that is used in a cryptographic process, usually to ensure that the results 
of computations for one instance cannot be reused by an Attacker. 


SAML Security Assertion Markup Language. An XML-based security specification developed by 
the Organization for the Advancement of Structured Information Standards (OASIS) for exchanging 
authentication (and authorization) information between trusted entities over the Internet; A framework for 
exchanging authentication and authorization information. Security typically involves checking the credentials 
presented by a party for authentication and authorization. SAML standardizes the representation of these 
credentials in an XML format called assertions, enhancing the interoperability between disparate applications. 
A protocol consisting of XML-based request and response message formats for exchanging security 
information, expressed in the form of assertions about subjects, between online business partners. 


Sandboxes In computer security, a sandbox is a security mechanism for separating running programs. It 
is often used to execute untested code, or untrusted programs from unverified third parties, suppliers, 
untrusted users and untrusted websites. 


Sandboxing A method of isolating application modules into distinct fault domains enforced by software. 
The technique allows untrusted programs written in an unsafe language, such as C, to be executed safely within 
the single virtual address space of an application. Untrusted machine interpretable code modules are 
transformed so that all memory accesses are confined to code and data segments within their fault domain. 
Access to system resources can also be controlled through a unique identifier associated with each domain. A 
restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, 
from accessing any system resources except those for which the software is authorized. 


Sanitization (1) Removing the classified content of an otherwise unclassified resource. (2) Removing any 
information that could identify the source from which the information came. 
Sanitize The degaussing or overwriting of information on magnetic or other storage media. 


Sanitized data 


SAP (1) Service Access Point. 
SAP (2) Service Advertisement Protocol (Novell). 
SAQ Self-Assessment Questionnaire. PCI DSS validation tool used to document self-assessment 
results from an entity's PCI DSS assessment. 


SAR Security Audit Review. 
SAS Single Attached Station. 
SASL The Simple Authentication and Security Layer, which is a method for adding authentication 
services to network protocols somewhat generically. It is also capable of providing key exchange in many 
circumstances. 


Satellite Modem A modem that allows Internet access from a satellite dish. 
S-box Nonlinear substitution table used in several byte substitution transformations and in the Key 
Expansion routine to perform a one-for-one substitution of a byte value. 


SCADA Systems Supervisory Control and Data Acquisition. In the cybersecurity context usually refers to 
industrial control systems that control infrastructure such as electrical power transmission and distribution, 
water treatment and distribution, wastewater collection and treatment, oil and gas pipelines and large 
communication systems. The focus is on whether, as these systems are connected to the public Internet, they 
become vulnerable to a remote attack. 


SCADA Supervisory Control and Data Acquisition. A generic name for a computerized system that 
is capable of gathering and processing data and applying operational controls over long distances. Typical uses 
include power transmission and distribution and pipeline systems. SCADA was designed for the unique 
communication challenges (delays, data integrity, etc.) posed by the various media that must be used, such as 
phone lines, microwave, and satellite. Usually shared rather than dedicated; Networks or systems generally used 
for industrial controls or to manage infrastructure such as pipelines and power systems; a process control 
application or system that collects data from sensors and machines locally or in remote locations and sends 
them to a central computer for management and control. 


Scalability The likelihood that an artifact can be extended to provide additional functionality with little 
or no additional effort. 


Scannable Resume Or ASCII resume, plain-text resume. Designed to be evaluated by skills- 
extraction software and typically contains all resume content without any formatting. 
Scanner Captures images, photos, and artwork that already exist on paper. 


Scanning Sending packets or requests to another system to gain information to be used in a 
subsequent attack. 


SCAP Security Content Automation Protocol. A method for using specific standardized testing 
methods to enable automated vulnerability management, measurement, and policy compliance evaluation 
against a standardized set of security requirements. 


Scareware Software or web site that purports to be security software reporting a threat against a user's 
computer to convince the user to purchase unneeded software or install malware. 


Scatternet A chain of piconets created by allowing one or more Bluetooth devices to each be a slave in 
one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be 
networked over an extended distance. 


Scavenging Using discarded listings, tapes, or other information storage media to determine useful 
information such as access codes, passwords, or sensitive data. Finding a listing for the source code for a new 
version of a popular proprietary program could be highly profitable for a computer crook. Also known as 
Dumpster diving. 


Scheduling Program A systems program that schedules and monitors the processing of 
production jobs in the computer system. 


SCHIP The State Children’s Health Insurance Program. 




SCI Sensitive Compartmented Information. Classified information concerning or derived from 
intelligence sources, methods, or analytical processes, which is required to be handled within formal access 
control systems established by the Director of National Intelligence. 


SCIF Sensitive Compartmented Information Facility. Accredited area, room, or group of rooms, 
buildings, or installation where SCI may be stored, used, discussed, and/or processed. 
SCL Security certification level. 


SCM System Supply Chain Management System. Tracks inventory and information among business 
processes and across companies. 
Scope creep Occurs when the scope of the project increases. 


Scoping Guidance A part of tailoring guidance providing organizations with specific policy or 
regulatory-related, technology-related, system component allocation-related, operational or environmental- 
related, and physical infrastructure-related, public access-related, scalability-related, common control-related, 
and security objective-related considerations on the applicability and implementation of individual security 
controls in the security control baseline; Specific factors related to technology, infrastructure, public access, 
scalability, common security controls, and risk that can be considered by organizations in the applicability and 
implementation of individual security controls in the security control baseline. 


SCP Service Control Points. The local versions of the national 800 number database. They contain the intelligence to screen the full ten digits of an 800 number and route calls to the appropriate long distance carrier.

SCP Switch Control Point; Service Control Point. Provides computer services, such as database information, that defines the possible services and their logic.

SCR Secure Card Reader. A PTS-approved device that attaches to a mobile phone or tablet for securely accepting payment cards. PCI PTS-approved SCRs protect and encrypt the card data via SRED.


Screen Name On-line name or nickname, an alias used in Cyberspace.

Screen Scraper A virus or physical device that logs information sent to a visual display to capture private or personal information.

Screen Shot Used to describe the action of capturing your computer desktop or anything shown on your computer screen to a static image file. Some people also call it a screen grab.

Script Bunny Someone who would like to be a hacker but does not have much technical expertise.

Script Kiddie A script kiddie is often, but not always, a juvenile hacker; an attacker who uses scripts or programs developed by more sophisticated cybercriminals. Oftentimes the underlying motivation for a script kiddie’s attack is simply to garner the attention of peers.

Scripts Any simple program, especially using a scripting or macro language; in computer crime work, however, scripts usually refer to automated systems for executing exploits.

SDH Synchronous digital hierarchy.

SDI User data protection, stored data integrity.

SDK Software Development Kit. A software development kit (SDK or “devkit”) is typically a set of software development tools that allows the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar development platform.

SDLC Systems Development Life Cycle. (1) The classical operational development methodology that typically includes the phases of requirements gathering, analysis, design, programming, testing, integration, and implementation. (2) The systematic systems building process consisting of specific phases; for example, preliminary investigation, requirements determination, systems analysis, systems design, systems development, and systems implementation.

SDMI Secure Digital Music Initiative. Forum of more than 160 companies and organizations representing a broad spectrum of information technology and consumer electronics businesses, Internet service providers, security technology companies, and members of the worldwide recording industry working to develop voluntary, open standards for digital music. SDMI is helping to enable the widespread Internet distribution of music by adopting a framework that artists and recording and technology companies can use to develop new business models.


SDO Service Delivery Objective. Directly related to the business needs, SDO is the level of services to be reached during the alternate process mode until the normal situation is restored.

SDSL Symmetric Digital Subscriber Line. A version of DSL where the upload speeds and download speeds are the same.

SDU Service data unit.

Search Engine Poisoning Search engine poisoning exploits the use of search engines to spread malware and viruses. This practice is becoming more prominent as a means of stealing credit card information. Generally, hackers will employ black hat SEO methods to gain higher search rankings for particular terms that launch rogue antivirus software upon clicking, followed by collecting credit card information.

Search Engine A program that searches documents or indexes of documents for specified words or phrases and returns a list of the documents where those items were found.

SecaaS Security as a Service. The next generation of managed security services dedicated to the delivery, over the Internet, of specialized information-security services.

SECDNS Secure DNS. Configuring and operating DNS servers so that the security goals of data integrity and source authentication are achieved and maintained.

Second-Generation DRM Covers description, identification, trading, protection, monitoring and tracking of all forms of rights usages over both tangible and intangible assets including management of rights holders’ relationships. It is important to note that DRM manages all rights, not just those involving digital content. Additionally, it is important to note that DRM is the digital management of rights and not the "management of digital rights". That is, DRM manages all rights, not only the rights applicable to permissions over digital content.

Secrecy A security principle that keeps information from being disclosed to anyone not authorized to access it.

Secret Key (symmetric) Cryptographic Algorithm A cryptographic algorithm that uses a single secret key for both encryption and decryption; A cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption and decryption.

Secret Key Cryptography A cryptographic system where encryption and decryption are performed using the same key.

Secret Key A cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term secret in this context does not imply a classification level, but rather implies the need to protect the key from disclosure. A cryptographic key that is used with a symmetric cryptographic algorithm that is uniquely associated with one or more entities and is not made public. The use of the term secret in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.

Secret Seed A secret value used to initialize a pseudorandom number generator.

Secure Communication Protocol A communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection.

Secure Communications Telecommunications deriving security through use of NSA-approved products and/or Protected Distribution Systems.

Secure Erase An overwrite technology using a firmware-based process to overwrite a hard drive. It is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure.

Secure Hash Standard This Standard specifies secure hash algorithms (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256) for computing a condensed representation of electronic data (message). When a message of any length less than 2^64 bits (for SHA-1, SHA-224 and SHA-256) or less than 2^128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The hash algorithms specified in this Standard are called secure because, for a given algorithm, it is computationally infeasible (1) to find a message that corresponds to a given message digest, or (2) to find two different messages that produce the same message digest. Any changes to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm. Specification for a secure hash algorithm that can generate a condensed message representation called a message digest.

Secure Interoperability The ability to have secure, successful transactions. Today’s interoperability expands that previous focus to also include information assurance considerations, and include the requirement to formally assess whether that traditional, successful transaction is also secure (i.e., secure interoperability meaning a secure, successful transaction exists).

Secure Operating System An operating system that effectively controls hardware, software, and firmware functions to provide the level of protection appropriate to the value of the data resources managed by this operating system.

Secure Room Any room with floor-to-ceiling, slab-to-slab construction of some substantial material, i.e., concrete, brick, cinder block, plywood, or plaster board. Any window areas or penetrations of wall areas over 15.25 cm (six inches) must be covered with either grilling or substantial type material. Entrance doors must be constructed of solid wood, metal, etc., and be capable of holding a DS-approved three-way combination lock with interior extension.

Secure State Condition in which no subject can access any object in an unauthorized manner.

Secure Subsystem Subsystem containing its own implementation of the reference monitor concept for those resources it controls. A secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.

Secure Voice Systems in which transmitted conversations are encrypted to make them unintelligible to anyone except the intended recipient. Within the context of Department security standards, secure voice systems must also have protective features included in the environment of the systems terminals.

Securely Provision A NICE Workforce Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems’ development.

Security Anomaly An irregularity possibly indicative of a security breach, an attempt to breach security, or of noncompliance with security standards, policy, or procedures.

Security Association A security association is a set of parameters which defines all the security services and mechanisms used for protecting the communication. A security association is bound to a specific security protocol.

Security Attribute A security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes; An abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy.


Security Audit An examination of data security procedures and measures to evaluate their adequacy and compliance with established policy.

Security Automation Domain Is an information security area that includes a grouping of tools, technologies, and data.

Security Automation The use of information technology in place of manual processes for incident response and management.

Security Banner A banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. Also can refer to the opening screen that informs users of the security implications of accessing a computer resource.

Security Category The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals. The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, and the Nation.


Security Code A three- or four-digit value printed onto the front or back signature panel of a payment card. This code is uniquely associated with an individual card and is used as an additional check to ensure that the card is in possession of the legitimate cardholder, typically during a card-not-present transaction. Also referred to as card security code.

Security CONOP Security Concept of Operations. A security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.

Security Control Assessment The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system; The testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system and/or enterprise.

Security Control Assessor The individual, group, or organization responsible for conducting a security control assessment.

Security Control Baseline The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.

Security Control Effectiveness The measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.

Security Control Enhancements Statements of security capability to 1) build in additional, but related, functionality to a basic control; and/or 2) increase the strength of a basic control. Statements of security capability to (i) build in additional, but related, functionality to a security control; and/or (ii) increase the strength of the control.

Security Control Inheritance A situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides.

Security Controls Baseline The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.

Security Controls The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.

Security Domain Is a collection of entities to which applies a single security policy executed by a single authority; A domain that implements a security policy and is administered by a single authority.




Xingan Li & Peilin Li 


Security Engineering An interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.

Security Equipment Protective devices such as intrusion alarms, safes, locks, and destruction equipment which provide physical or technical surveillance protection as their primary purpose.

Security Evaluation An evaluation done to assess the degree of trust that can be placed in systems for the secure handling of sensitive information. One type, a product evaluation, is an evaluation performed on the hardware and software features and assurances of a computer product from a perspective that excludes the application environment. The other type, a system evaluation, is done for the purpose of assessing a system’s security safeguards with respect to a specific operational mission and is a major step in the certification and accreditation process.

Security Filter A set of software or firmware routines and techniques employed in a computer system to prevent automatic forwarding of specified data over unprotected links or to unauthorized persons.

Security Functions The hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.

Security Goals The five security goals are confidentiality, availability, integrity, accountability, and assurance.

Security Holes A security hole, also generally referred to as a computer vulnerability, is a flaw or susceptibility in a system that can be exploited. If discovered, security holes are gateways for hackers to install malicious software and possibly initiate a zero-day attack if not discovered and patched by the vendor.


Security Impact Analysis The analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.

Security Incident Any act or circumstance that involves classified information that deviates from the requirements of governing security publications. For example, compromise, possible compromise, inadvertent disclosure, and deviation.

Security Inspection Examination of an information system to determine compliance with security policy, procedures, and practices.

Security Kernel Hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. A security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.

Security Label The means used to associate a set of security attributes with a specific information object as part of the data structure for that object; a marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.

Security Level A hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy being enforced, a specific level of protection.

Security Log A record that contains login and logout activity and other security-related events and that is used to track security-related information on a computer system.

Security Management Dashboard A tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders.

Security Markings Human-readable indicators applied to a document, storage media, or hardware component to designate security classification, categorization, and/or handling restrictions applicable to the information contained therein. For intelligence information, these could include compartment and sub-compartment indicators and handling restrictions.

Security Mechanism A device designed to provide one or more security services usually rated in terms of strength of service and assurance of the design.

Security Metrics A standard of measurement used to measure and monitor information security-related activity.

Security Net Control Station Management system overseeing and controlling implementation of network security policy.

Security Objective Confidentiality, integrity, or availability of information.


Security Perimeter A physical or logical boundary that is defined for a system, domain, or enclave, within which particular security policy or security architecture is applied.

Security Plan Formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements.

Security Policy Model A formal presentation of the security policy enforced by the system. It must identify the set of rules and practices that regulate how a system manages, protects, and distributes sensitive information.

Security Policy The statement of required protection of the information objects; a set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data.

Security Posture The security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, and policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.

Security Process The series of activities that monitor, evaluate, test, certify, accredit, and maintain the system accreditation throughout the system life cycle.

Security Program Management In the NICE Workforce Framework, cybersecurity work where a person manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).

Security Program Plan Formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements.

Security Program A systems program that controls access to data in files and permits only authorized use of terminals and other related equipment. Control is usually exercised through various levels of safeguards assigned on the basis of the user’s need-to-know.

Security Purpose The IS security purpose is to provide value by enabling an organization to meet all mission/business objectives while ensuring that system implementations demonstrate due care consideration of risks to the organization and its customers.

Security Range Highest and lowest security levels that are permitted in or on an information system, system component, subsystem, or network.

Security Requirements Baseline A description of minimum requirements necessary for a system to maintain an acceptable level of security.

Security Requirements Traceability Matrix (SRTM) Matrix that captures all security requirements linked to potential risks and addresses all applicable C&A requirements. It is, therefore, a correlation statement of a system's security features and compliance methods for each security requirement.

Security Requirements Requirements levied on an information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.

Security Safeguards Protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.

Security Service Is a capability that supports one, or many, of the security goals. Examples of security services are key management, access control, and authentication; A capability that supports one, or more, of the security requirements (Confidentiality, Integrity, Availability). Examples of security services are key management, access control, and authentication.


Security Software Identifies and protects against threats or vulnerabilities that may compromise your computer or your personal information; includes anti-virus and anti-spyware software and firewalls.

Security Strength A measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g., plaintext/ciphertext pairs for a given encryption algorithm). A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system; sometimes referred to as a security level.

Security Tag Information unit containing a representation of certain security related information (e.g., a restrictive attribute bit map).

Security Target Common Criteria specification that represents a set of security requirements to be used as the basis of an evaluation of an identified Target of Evaluation (TOE).

Security Testing A process used to determine that the security features of a system are implemented as designed. This includes hands-on functional testing, penetration testing, and verification.

Security Trade-Offs There is no single correct level of security; how much security you have depends on what you're willing to give up in order to get it. This trade-off is, by its very nature, subjective: security decisions are based on personal judgments. Different people have different senses of what constitutes a threat, or what level of risk is acceptable. What’s more, between different communities, or organizations, or even entire societies, there is no agreed-upon way in which to define threats or evaluate risks, and the modern technological and media-filled world makes these evaluations even harder.


Security (1) Freedom from undesirable events, such as malicious and accidental misuse; how well a system resists penetrations by outsiders and misuse by insiders. (2) The protection of system resources from accidental or malicious access, use, modification, destruction, or disclosure. (3) The protection of resources from damage and the protection of data against accidental or intentional disclosure to unauthorized persons or unauthorized modifications or destruction. Security concerns transcend the boundaries of an automated system.

Security-Relevant Change Any change to a system’s configuration, environment, information content, functionality, or users which has the potential to change the risk imposed upon its continued operations.

Security-Relevant Event An occurrence (e.g., an auditable event or flag) considered to have potential security implications to the system or its environment that may require further action (noting, investigating, or reacting).

Security-Relevant Information Any information within the information system that can potentially impact the operation of security functions in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data.

Seed Key Initial key used to start an updating or key generation process.

Seed A value used to initialize a pseudo-random number generator.

Seepage The accidental flow, to unauthorized individuals, of data or information that is presumed to be protected by computer security safeguards.


SEG Secure email gateway. Email security gateways protect enterprises from threats such as spam and phishing attacks.

SEIM Security Event and Information Management. Centralized collection and management of security event records from many different systems such as firewalls, IDS/IPS, antivirus software, authentication systems, etc. SEIMs may provide complex multifactor rules to alert on patterns of behavior not easily identifiable by one of the component systems alone.

SEL Security audit event selection.

Selection A program control structure created in response to a condition test in which one of two or more processing paths can be taken.

Self Sourcing The development and support of IT systems by knowledge workers with little or no help from IT specialists.

Selfie A picture taken by the photographer who is also the subject of the photograph that is planned to be uploaded to a social networking site.

Self-Organizing Neural Network A network that finds patterns and relationships in vast amounts of data by itself.

Self-Signed Certificate A certificate signed by the private key associated with that certificate. In an X.509 Public Key Infrastructure, all certificates need to be signed. Since root certificates have no third-party signature to establish their authenticity, they are used to sign themselves. In such a case, trust in the certificate must be established by some other means.

Selling Prototype A prototype used to convince people of the worth of a proposed system.

Semagram Semantic Symbol. Semagrams are associated with a concept and do not use writing to hide a message.

Semiconductor Material used in electronic components that possesses electrical conducting qualities of conductors and resistors.

Semi-Quantitative Assessment Use of a set of methods, principles, or rules for assessing risk based on bins, scales, or representative numbers whose values and meanings are not maintained in other contexts.

Sensitive Authentication Data Security-related information used to authenticate cardholders and/or authorize payment card transactions, stored on the card’s magnetic stripe or chip.

Sensitive Customer Information A customer’s name, address, or telephone number, in conjunction with the customer’s social security number, driver’s license number, account number, credit or debit card number, or a personal identification number or password that would permit access to the customer’s account. Sensitive customer information also includes any combination of components of customer information that would allow someone to log onto or access the customer’s account, such as user name and password or password and account number.

Sensitive Data Data that is considered confidential or proprietary. The kind of data that, if disclosed to a competitor, might give away an advantage.

Sensitive Information Any information that requires protection and that should not be made generally available.


Sensitive Intelligence Information Such intelligence information, the unauthorized disclosure of which would lead to counteraction (1) jeopardizing the continued productivity of intelligence sources or methods which provide intelligence vital to the national security; or (2) offsetting the value of intelligence vital to the national security.

Sensitive Unclassified Information Any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy.

Sensitivity Attributes User-supplied indicators of file sensitivity that the system uses to enforce an access control policy.

Sensitivity Label A hierarchical classification and a set of nonhierarchical components that are used by mandatory access controls to define a process’s resource access rights.


Sensitivity An information technology environment consists of the system, data, and applications, which must be examined individually and in total. All systems and applications require some level of protection for confidentiality, integrity, and availability. This level of protection is determined by an evaluation of the sensitivity and criticality of the information processed, the relationship of the system to the organization’s mission, and the economic value of the system components.

Sequential Organization The physical arrangement of records in a sequence that corresponds with their logical key.

Serial Connector Usually has 9 holes but may have 25 that fit into the corresponding number of pins in the port. Serial connectors are often used for monitors and certain types of modems.

Serial Organization The physical arrangement of records in a sequence.


Serial Processing The processing of records in the physical order in which they appear in a file or on an input device.

Serpent A modern block cipher with 128-bit blocks and variable-sized keys. A finalist in the AES competition, Serpent has a higher security margin by design than other candidates, and is a bit slower on typical 32-bit hardware as a result.

Server Farm A location that stores a group of servers in a single place.


Server A computer, or a software package, that provides a specific kind of service to client software running on other computers. The term can refer to a particular piece of software, such as a WWW server, or to the machine on which the software is running, e.g. "Our mail server is down today, that's why e-mail isn't getting out." A single server machine can (and often does) have several different server software packages running on it, thus providing many different servers to clients on the network. Sometimes server software is designed so that additional capabilities can be added to the main program by adding small programs known as servlets.

Service Control The ability of the user, home environment, or serving environment to determine what a particular service does, for a specific invocation of that service, within the limitations of that service.


Service Information Information used by the telecommunications infrastructure in the establishment and operation of a network-related service or services. The information may be established by an NWO/AP/SvP or a network user.

Service Program An operating system program that provides a variety of common processing services to users (e.g., utility programs, librarian programs, and other software).

Service A component of the portfolio of choices offered by SvPs to a user; a functionality offered to a user.

Servlet A small computer program designed to add capabilities to a larger piece of server software. Common examples are "Java servlets", which are small programs written in the Java language and which are added to a web server. Typically a web server that uses Java servlets will have many of them, each one designed to handle a very specific situation, for example one servlet will handle adding items to a "shopping cart", while a different servlet will handle deleting items from the "shopping cart."

Session Hijacking An intruder takes over a connection after the original source has been authenticated.


Session Key A randomly-generated key that is used one time, and then discarded. Session keys are symmetric (used for both encryption and decryption). They are sent with the message, protected by encryption with a public key from the intended recipient. A session key consists of a random number of approximately 40 to 2000 bits. Session keys can be derived from hash values.

Session Layer The layer of the ISO Reference Model coordinating communications between network nodes. It can be used to initialize, manage, and terminate communication sessions.

Session Token A value that represents a user's identity during their session. Typically the user provides some form of credentials (e.g., username, password, possibly a one-time token value from a second authentication factor) and the server returns a token value that represents the user's identity. In web applications, this token is often returned in a cookie. The client application includes the session token with each request, enabling the server to associate each request with the same user, role, and session.

Session A completed connection to an Internet service, and the ensuing connect time.


SET Secure Electronic Transaction. SET is a recent standard that enables secure credit card transactions on the Internet, and is a key component of the security of e-commerce. SET employs digital signatures to enable merchants to verify the identity of buyers. It also protects buyers by enabling their credit card number to be transferred directly to the credit card issuer for verification and billing without revealing the number to the merchant.

Severity The severity of a risk combines its likelihood and impact into a single measure. This combination often follows the guidance of NIST Special Publication 800-30, though some practitioners opt to use their own scale.

Sexting A combination of the words ‘sex’ and ‘texting’, ‘sexting’ is the electronic communication of nonprofessional images or videos portraying one or more persons (self, or others) in a state of nudity or otherwise in a sexual manner which can then be forwarded to different media and audiences.

Sexual Predator A term used pejoratively to describe a person seen as obtaining or trying to obtain sexual contact with another person in a metaphorically ‘predatory’ manner.

SF Super Framing (T1/E1).


SFA (1) Security Fault Analysis. An assessment usually performed on information system hardware, to determine the security properties of a device when a hardware fault is encountered.

SFA (2) Single Factor Authentication. Authentication process that requires only the user ID and password to grant access.

SFUG Security Features Users Guide. Guide or manual explaining how the security mechanisms in a specific system work.

SGML Standard Generalized Markup Language. An international standard for encoding textual information that specifies particular ways to annotate text documents, separating the structure of the document from the information content. Developed in 1986, SGML provides a rich set of rules for defining new data formats.

SHA Secure Hash Algorithm. A hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.


SHA-1 A fairly fast, well regarded hash function with 160-bit digests that has been standardized by the National Institute of Standards and Technology (NIST).

SHA-256 A cryptographic hash function from NIST with 256-bit message digests.

SHA-384 SHA-512 with a truncated digest (as specified by NIST).

SHA-512 A cryptographic hash function from NIST with 512-bit message digests.

Shared Information An organization’s information is in one central location allowing anyone to access and use it as they need it.


Shared Secret A value shared by parties that may wish to communicate, where the secrecy of that value is an important component of secure communications. Typically, a shared secret is either an encryption key, a MAC key, or some value used to derive such keys.

Shareware Software available on the Internet that may be downloaded to your machine for evaluation and for which you are generally expected to pay a fee to the originator of the software if you decide to keep it.

Sharing Providing access to and facilitating the sharing of information which enhances reach and creates shared awareness.


Shatter Attack A class of attack on the Windows event system. The Windows messaging system is fundamentally fragile from a security perspective because it allows arbitrary processes to insert control events into the message queue without sufficient mechanisms for authentication. Sometimes messages can be used to trick other applications into executing malicious code.

Shielded Enclosure Room or container designed to attenuate electromagnetic radiation, acoustic signals, or emanations.

Shopping Bot Buyer Agent. An intelligent agent or application on a Web site that helps customers find the products and services they want.

Short Title Identifying combination of letters and numbers assigned to certain COMSEC materials to facilitate handling, accounting, and controlling.

Shortfalls Functional areas in which additional capability or coverage is required.


Shoulder Surfing The process of obtaining passwords or other sensitive information by covertly watching an authorized user enter information into a computer system. It is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM or type a password. Can also be done long-distance with the aid of binoculars or other vision-enhancing devices.

Side Channel Attack An attack on a cryptographic system whereby data from other dependent systems is measured, from which inferences can be made. Power consumption, timing analysis and acoustic emanations are example data sources for side-channel attacks.

SIEM Security Information and Event Management. An approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security.

SIGINT Signals Intelligence. A broad range of operations that involve the interception and analysis of signals across the electromagnetic spectrum.

Sign a Message To use your private key to generate a digital signature as a means of proving you generated, or certify, some message.

Signaling The exchange of information specifically concerned with the establishment and control of connections, and with management, in a telecommunications network.

Signature Certificate A public key certificate that contains a public key intended for verifying digital signatures rather than encrypting data or performing any other cryptographic functions.

Signature Dynamics A form of electronic signature which involves the biometric recording of the pen dynamics used in signing the document.

Signature Generation The process of using a digital signature algorithm and a private key to generate a digital signature on data.

Signature Validation The (mathematical) verification of the digital signature and obtaining the appropriate assurances (e.g., public key validity, private key possession, etc.).

Signature A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.


Signed Data Data on which a digital signature is generated. 

Sign-off The knowledge workers’ actual signatures indicating they approve all of the business 
requirements. 

SIL Safety Integrity Level. 

SIMM Single Inline Memory Module. 

Simplicity The simplest correct structure is the most desirable. 

Simulation The use of an executable model to represent the behavior of an object. During testing, the computational hardware, the external environment, and even the coding segments may be simulated.

Simultaneous Processing The execution of two or more computer program instructions at the same time in a multiprocessing environment.

Single Inheritance The language mechanism that allows the definition of a class to include the attributes and methods defined for, at most, one superclass.

Single Point Keying Means of distributing key to multiple, local crypto equipment or devices from a single fill point.

Single Sideband Carrier An amplitude modulation technique for encoding analog or digital data using either analog or digital transmission. Single sideband suppresses one sideband of the carrier frequency at the source. As such, less power is used, and less bandwidth is required.


Single Sign-On In a single sign-on program, users only need one password to access multiple programs in the same network. To initially log into a network program, the user provides a global identification and a password. When the user requests access to additional systems, the sign-on system retrieves the user's password to sign on to the new program. SSO alleviates user frustrations with keeping or remembering multiple passwords to their computing resources. Companies may call upon SSO technologies to reduce shared passwords or readily available passwords written on yellow stickies on computer monitors.

Single Sign-on Single sign-on allows you to access all computing resources that you should be able to reach by using a single set of authentication credentials that are presented a single time per login session. Single sign-on is a notion for improved usability of security systems that can often increase the security exposure of a system significantly.

Single-Hop Problem The security risks resulting from a mobile software agent moving from its home platform to another platform.

SIP SMDS Interface Protocol.

SIR Signal-to-Interference Ratio. The ratio of the usable signal being transmitted to the noise or undesired signal.


Site Accreditation An accreditation where all systems at a location are grouped into a single management entity. A DAA may determine that a site accreditation approach is optimal given the number of information technology systems, major applications, networks, or unique operational characteristics. Site accreditation begins with all systems and their interoperability and major applications at the site being certified and accredited. The site is then accredited as a single entity, and an accreditation baseline is established.

Site An immobile collection of systems at a specific location.

Situation A set of all security-relevant information. The decision of an entity on which security services it requires is based on the situation.

Situational Awareness Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience. In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.

Skill Words Nouns and adjectives used by organizations to describe job skills that should be woven into the text of applicants’ resumes.


Skim To steal credit card information by using a small, handheld electronic device to scan and store data from the card's magnetic stripe; can be done manually by a corrupt employee while out of sight (usually at restaurants or bars) or automatically by placing a skimming device on top of a regular credit card reader (usually at gas stations or ATMs) and retrieving it later.

Skimming Device A physical device, often attached to a legitimate card-reading device, designed to illegitimately capture and/or store the information from a payment card. Also called a “card skimmer.”

Skimming Stealing card data directly from the consumer’s payment card or from the payment infrastructure at a merchant location, such as with a rogue hand-held card reader or via modifications made to the merchant’s payment terminal. Its purpose is to commit fraud, the threat is serious, and it can hit any merchant’s environment.

Skin Effect The concept that high-frequency energy travels only on the outside skin of a conductor and does not penetrate into it any great distance.

SLA Service Level Agreement. An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured.

Slack Space The unused space in a group of disk sectors; or the difference, in bytes, between the space allocated in clusters and the actual size of the data files.


Slacktivism A combination of the words ‘slacker’ and ‘activism’. The word is usually considered a pejorative term that describes ‘feel-good’ measures, in support of an issue or social cause, that have little or no practical effect other than to make the person doing it feel some amount of satisfaction.

SLARP Serial Link Address Resolution Protocol.

Slave Computer A front-end processor that handles input and output functions for a host computer.

SLDC (1) Systems Development Life Cycle.

SLDC (2) Synchronous Data Link Control.

SLIP Serial Line Internet Protocol. An Internet protocol used to run IP over serial lines such as telephone circuits or RS-232 cables interconnecting two systems. SLIP is now being replaced by Point-to-Point Protocol.

Slowloris A piece of software that attempts to take down a web server with minimal bandwidth and minimal side effects on unrelated services and ports, by trying to keep many connections to the target web server open and holding them open as long as possible.


Small Merchant A business that typically has a single location or possibly a few locations, with limited to no 
IT budget and usually with no IT personnel on staff. 


Smartcard A smart card is a small device the size of a credit card with built-in electronic memory of personal data, such as identification and financial information. It can store everything from digital cash, to be spent and used like a travelers check, to health records. To transfer and receive data, a smart card must be inserted into a smart card reader. Smart cards are more secure than a magnetic stripe card since they can be programmed to self-destruct if the wrong password is entered too many times.

Smartphone A mobile phone built on a mobile computing platform that offers more advanced computing ability and connectivity than a standard mobile phone.

SMDS Switched Multi-megabit Data Service.

Smishing Fraudulent SMS messages designed to induce users to reveal personal or financial information via the mobile phone.

SML Strength of Mechanism. A scale for measuring the relative strength of a security mechanism hierarchically ordered from SML 1 through SML 3.


SMR Security management, security management roles. 

SMS Short Message Service. 

SMTP Simple Mail Transfer Protocol. The standard electronic mail (e-mail) protocol on the 
Internet. 

SNA (1) Survivable Network Analysis. 

SNA (2) Systems Network Architecture. 

SNAP Subnetwork Access Protocol. 
Sneakernet Describes the transfer of data between computers or networks that are not physically, electrically or electromagnetically connected, requiring information to be shared by physically transporting media containing the shared information from one computer to another. Initially described systems lacking the technology to network together; now usually refers to systems deliberately isolated for security reasons.


SNF Skilled Nursing Facility. 

Sniffer Packet Sniffer or Passive Wiretapping. 

Sniffing An attack capturing sensitive pieces of information, such as a password, passing through the 
network. 

SNIP Strategic National Implementation Process--Sponsored by WEDI. 

SNMP Simple Network Management Protocol. Provides remote administration of network devices; “simple” because the agent requires minimal software.

Snooping Attacks Attacks where data is read off a network while in transit without modifying or destroying the data.


Snort Rules / Snort Signatures Rules are a different methodology for performing detection, which bring the advantage of 0-day detection to the table. Unlike signatures, rules are based on detecting the actual vulnerability, not an exploit or a unique piece of data. Developing a rule requires an acute understanding of how the vulnerability actually works. Through protocol analysis and content searching and matching, Snort detects attack methods, including denial of service, buffer overflow, CGI attacks, stealth port scans, and SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to syslog, a separate ‘alerts’ file, or to a pop-up window.

Snow A very fast stream cipher that is patent-free and seems to have a very high security margin.

SOC Security Operations Center. A security operations center (SOC) is a centralized unit that deals with security issues on an organizational and technical level. A SOC within a building or facility is a central location from where staff supervises the site, using data processing technology.

Sociability The ability of intelligent agents to confer with each other.

Social Engineering An approach to gain access to information through misrepresentation. It is the conscious manipulation of people to obtain information without their realizing that a security breach is occurring. It may take the form of impersonation via telephone or in person and through email. Some emails entice the recipient into opening an attachment that activates a virus.


Social Media The means of interactions among people in which they create, share, and exchange information and ideas in virtual (online) communities and networks. More specifically, social media refers to highly interactive and scalable platforms based on the web that focus on User-Generated Content (UGC).

Social Network Attacks Social networks are major sources of attacks because of the volume of users and the amount of personal information that is posted. Users' inherent trust in their online friends is what makes these networks a prime target. For example, users may be prompted to follow a link on someone's page, which could bring users to a malicious website.

Social Network A software application or website that allows a large group of users to interact with each other, often allowing the creation of online portals or identities to share with specific people or the online world at large.

Social Networking Service An online service, platform, or site that focuses on facilitating the building of social networks or social relations among people who, for example, share interests, activities, backgrounds, or real-life connections (examples include Facebook, Tumblr and LinkedIn).

Social Networking Websites Sites specifically focused on the building and verifying of social networks for whatever purpose. Many social networking services are also blog hosting services. There are more than 300 known social networking websites, including Facebook, Twitter, LinkedIn, MySpace and Blogspot. Such sites enable users to create online profiles and post pictures and share personal data such as their contact information, hobbies, activities and interests. The sites facilitate connecting with other users with similar interests, activities and locations. Sites vary in who may view a user’s profile; some have settings which may be changed so that profiles can be viewed only by “friends.”


Social Networking Using Internet-based tools that allow people to listen, interact, engage, and 
collaborate with each other; popular social networking platforms include Facebook, YouTube, LinkedIn, and 
Twitter. 


Socket A pairing of an IP address and a port number.

SoD Segregation of Duties. A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals the responsibility for initiating and recording transactions and for the custody of assets. Segregation/separation of duties is commonly used in large IT organizations so that no single person is in a position to introduce fraudulent or malicious code without detection.

SOF Strength of Function, a rating used by the Common Criteria (ISO/IEC 15408) to rate the strength or robustness required for a security mechanism. Currently, three ratings are defined: basic, medium, and high. The SOF is derived as a function of the value of the information being protected and the perceived threat to it. Compare with SML.


Softlifting Illegal copying of licensed software for personal use. 


Software Assurance Level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner.

Software Integrity Level The integrity level of a software item.

Software Life Cycle The period of time beginning when a software product is conceived and ending when the product is no longer available for use. The software life cycle is typically broken into phases (e.g. requirements, design, programming, testing, conversion, operations, and maintenance).

Software Maintenance All changes, corrections, and enhancements that occur after an application has been placed into production.

Software Patch A piece of software designed to update a computer program in order to fix a software vulnerability or improve the program.


Software Piracy To illegally copy software. 

Software Reliability Case A systematic means of gathering, organizing, analyzing, and reporting the data needed by internal, contractual, regulatory, and Certification Authorities to confirm that a system has met specified reliability requirements and is fit for use in the intended operational environment; includes assumptions, claims, evidence, and arguments. A software reliability case is a component in a system reliability case.

Software Reliability A measure of confidence that the software produces accurate and consistent results that are repeatable, under low, normal, and peak loads, in the intended operational environment.

Software Safety Case A systematic means of gathering, organizing, analyzing, and reporting the data needed by internal, contractual, regulatory and Certification Authorities to confirm that a system has met specified safety requirements and is safe for use in the intended operational environment; includes assumptions, claims, evidence, and arguments. A software safety case is a component in a system safety case.

Software Safety Design features and operational procedures which ensure that a product performs predictably under normal and abnormal conditions, and the likelihood of an unplanned event occurring is minimized and its consequences controlled and contained; thereby preventing accidental injury or death, environmental or property damage, whether intentional or accidental.

Software Suite Bundled software that comes from the same publisher and costs less than buying all the software pieces individually.

Software System Test and Evaluation Process Process that plans, develops, and documents the qualitative/quantitative demonstration of the fulfillment of all baseline functional performance, operational, and interface requirements.


Software Vulnerability A software vulnerability refers to the existence of a flaw -- or "bug" -- in software that may allow a third party or program to obtain unauthorized access to the flaw and exploit it.

Software A computer program which provides the instructions that enable the computer hardware to work. System software, such as Windows, Linux or MacOS, operates the machine itself, and applications software, such as spreadsheet or word processing programs, provides specific functionality.

Software-Based Fault Isolation A method of isolating application modules into distinct fault domains enforced by software. The technique allows untrusted programs written in an unsafe language, such as C, to be executed safely within the single virtual address space of an application. Untrusted machine-interpretable code modules are transformed so that all memory accesses are confined to code and data segments within their fault domain. Access to system resources can also be controlled through a unique identifier associated with each domain.

Solution An integrated software package or integrated set of computer applications that collectively achieves a user's computing goal easily and seamlessly. For example, the owner of a small business might employ a security solution that offers interoperable anti-virus software with a firewall to secure business transactions or e-mail from business partners over the Internet. A solution is an integrated set of software programs created to work seamlessly together, whereas a suite is a bundled set of complementary software programs that may not have been created to achieve a common goal.

SONET Synchronous Optical Network.

SOP Standard Operating Procedure.

Sort The arrangement of data in ascending or descending, alphabetic or numeric order.

SOS Identification and authentication specification of secrets.

Source Code The code for a software program, as written by the programmer, which is the intellectual property of the software developer.

Source Document The form that is used for the initial recording of data prior to system input.

Source Program The computer program that is coded in an assembler or higher-level programming language.

Source Routing Specification A transmission technique where the sender of a packet can specify the route that packet should follow through the network.

SOW Statement of Work.

Space Diversity Protection of a radio signal by providing a separate antenna located a few feet below the regular antenna on the same tower to assume the load when the regular transmission path on the tower fades.


Space Division Multiple Access (SDMA) Intelligent antenna systems use this access method to increase the capacity of cellular radio networks by separating frequencies within a cell site and allowing the same frequencies to be reused.

Spam Filtering Software A program that analyzes emails to look for characteristics of spam, and typically places messages that appear to be spam in a separate email folder.

Spam Filters Programs that detect and reject spam by looking for certain keywords, phrases or Internet addresses.

Spam Any unsolicited commercial electronic message. It is often a source of scams, computer viruses and offensive content that takes up valuable time and increases costs for consumers, business and governments.

Spamming A popular name for e-mail sent to many unwilling recipients in order to sell products or services (or sometimes to cheat naive customers).

Spatial Domain The image plane itself; the collection of pixels that composes an image.

Spear Phishing An attack targeting a specific user or group of users that attempts to deceive the user into performing an action that launches an attack, such as opening a document or clicking a link. Spear phishers rely on knowing some personal piece of information about their target, such as an event, interest, travel plans, or current issues. Sometimes this information is gathered by hacking into the targeted network.


Special Access Program (SAP) A program established for a specific class of classified information that 
imposes safeguarding and access requirements that exceed those normally required for information at the same 


classification level. 


Special Access Program Facility (SAPF) Facility formally accredited by an appropriate agency in 
accordance with DCID 6/9 in which SAP information may be processed. 


Special Agent A special agent in the Diplomatic Security Service (DSS) is a sworn officer of the 
Department of State or the Foreign Service, whose position is designated as either a GS-I811 or FS-2501, and 
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has been issued special agent credentials by the Director of the Diplomatic Security Service to perform those 
specific law enforcement duties as defined in 22 U.S.C. 2712. 


Special Character Any non-alphanumeric character that can be rendered on a standard American-English 
keyboard. Use of a specific special character may be application-dependent. The list of special characters 


follows: *~!1@#$%*8()_+1}£“ Se = 


Special Investigators Special investigators are contracted by the Department of State. They 
perform various noncriminal investigative functions in DS headquarters, field, and resident offices. They are 


not members of the Diplomatic Security Service and are not authorized to conduct criminal investigations. 


Specification A description of a problem or subject that will be implemented in a computational or other 
system. The specification includes both a description of the subject and aspects of the implementation that 
affect its representation. Also, the process and analysis and design that results in a description of a problem or 


subject that can be implemented in a computation or other system, 


Spectrum The radio frequency that is available for personal, commercial, and military use. 
SPF Shortest Path First. 
Spherical Zone of Control A volume of space in which uncleared personnel must be escorted which 


extends a specific distance in all directions from TEMPEST equipment processing classified information or 


from a shielded enclosure. 


SPI Security Parameter Index. SPI is an identifier for a security association within a 
specific security Protocol. This means that a pair of security protocol and SPI may uniquely identify a security 


association, but this is implementation dependent. 
SPID Service Provider Identifier. 


Spider A computer program that automatically retrieves Web documents. They are often used to 


feed pages to search engines for indexing; also known as a Web crawler. 


Spillage Security incident that results in the transfer of classified or CUI information onto an 


information system not accredited (i.e., authorized) for the appropriate security level. 


Spim Unwanted, unsolicited instant messages from someone you don’t know. Often sent in an 
gs y' 


attempt to sell you something or get you to reveal personal information. 


Spit spam over internet telephony 





Split Knowledge A procedure by which a cryptographic key is split into n multiple key components, 
individually providing no knowledge of the original key, which can be subsequently combined to recreate the 
original cryptographic key. If knowledge of k (where k is less than or equal to n) components is required to 
construct the original key, then knowledge of any k-I key components provides no information about the 


original key other than, possibly, its length. 
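
The k-of-n property described above is usually realized with Shamir's secret sharing, shown here as an added example that is not part of the dictionary. The field prime, the constructed key value and the share indices are choices of this example; the function consistent_share makes the "k-1 components give no information" claim concrete by producing, for any candidate secret, a k-th share under which that candidate would be the recombined result.

```python
"""Split knowledge as k-of-n secret sharing (Shamir's scheme) over a prime field.

Added example, not from the dictionary. The key value is constructed for the
demonstration; the field prime and share indices are choices of this example.
"""
import secrets

# 2**521 - 1 is a Mersenne prime; any secret up to 512 bits (AES, HMAC keys) fits below it.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + coeffs[2]*x**2 + ... at x, mod PRIME (Horner)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, k, n):
    """Split an integer secret into n shares so that any k of them reconstruct it.

    The secret is the constant term of a random polynomial of degree k-1; share i is
    the point (i, f(i)). k points fix a degree k-1 polynomial and hence f(0);
    k-1 points leave f(0) completely free (see consistent_share).
    """
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def interpolate(points, x):
    """Lagrange interpolation: evaluate at x the unique polynomial of degree
    len(points)-1 through the given (xi, yi) points, all arithmetic mod PRIME."""
    xs = [xi for xi, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("share indices must be distinct")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def combine_shares(shares):
    """Recombine k (or more) shares: the secret is the polynomial's value at x = 0."""
    return interpolate(shares, 0)


def consistent_share(partial_shares, candidate_secret, x_new):
    """Given only k-1 shares, build a k-th share (at index x_new) under which the
    recombined secret would be candidate_secret. Such a share exists for every
    candidate, which is exactly why k-1 shares reveal nothing about the real secret."""
    y_new = interpolate([(0, candidate_secret)] + list(partial_shares), x_new)
    return (x_new, y_new)


def demo():
    """3-of-5 split of a constructed 256-bit key; returns (recovered_ok, forged_value)."""
    key = int.from_bytes(bytes(range(32)), "big")            # constructed key material
    shares = split_secret(key, k=3, n=5)
    recovered = combine_shares([shares[0], shares[2], shares[4]])
    # A holder of only two shares can "explain" any secret at all, here 1234.
    forged = consistent_share(shares[:2], 1234, x_new=99)
    return recovered == key, combine_shares(shares[:2] + [forged])


if __name__ == "__main__":
    print(demo())  # (True, 1234)
```

In practice each share goes to a different custodian (the split-knowledge requirement in FIPS 140 and PCI key-management ceremonies), and the recombination happens inside the HSM or key-loading device so that the whole key never exists on a general-purpose host.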


Sponsored Attacks Computer network attacks commissioned by, supported by or carried out by a state or government.

Spoof (1) To send an email using a false return address in order to gain unauthorized entry into a secure system. (2) To make a transmission appear to come from a user other than the user who performed the action.

Spoofing (1) Using incorrect identification; usually applied to electronic misrepresentation such as putting the wrong originating address on a TCP/IP packet. Much used in denial-of-service (DoS) and distributed DoS (DDoS) attacks, where forged source addresses hide the attacker and direct replies at the victim; ingress filtering at network edges (BCP 38) is the standard countermeasure. (2) Masquerading so that a trusted IP address is used instead of the true IP address. A technique used by hackers as a means of gaining access to a computer system.

Spooling A technique that maximizes processing speed through the temporary use of high-speed storage devices. Input files are transferred from slower, permanent storage and queued in the high-speed devices to await processing, or output files are queued in high-speed devices to await transfer to slower storage devices.

SPP Sequenced Packet Protocol.

Spread Spectrum Image Steganography A method of steganographic communication that uses digital imagery as the cover signal.

Spread Spectrum Techniques The method of hiding a small or narrow-band signal (message) in a large or wide-band cover.

Spread Spectrum Telecommunications techniques in which a signal is transmitted in a bandwidth considerably greater than the frequency content of the original information. Frequency hopping, direct sequence spreading, time scrambling, and combinations of these techniques are forms of spread spectrum.

Spreadsheet Software Computer software that divides a display screen into a large grid. This grid allows the user to enter labels and values that can be manipulated or analyzed.

SPX Sequenced Packet Exchange.

Spyware Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

SQL Injection Attack An exploit of target software that constructs Structured Query Language (SQL) statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL injection enables an attacker to talk directly to the database, thus bypassing the application's own access logic completely. Successful injection can cause information disclosure as well as the ability to add or modify data in the database.

SQL Injection Results from failure of the application to keep user input separate from SQL syntax. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Parameterized queries (prepared statements) are the primary defense; input validation and least-privilege database accounts are secondary, defense-in-depth measures.

SQL Structured Query Language.

SRAM Static RAM.

SRB Source route bridging.

SRE (1) Protection Profile evaluation, explicitly stated IT security requirements; (2) Security Target evaluation, explicitly stated IT security requirements.

SRED Secure Reading and Exchange of Data. A set of PCI PTS requirements designed to protect and encrypt card data in payment terminals. A PCI Council-listed Point-to-Point Encryption (P2PE) solution must use a PTS-approved and listed payment terminal with SRED enabled and actively performing card data encryption.

SRTB Source route transparent bridging.

SRTP Sequenced Routing Update Protocol.

SS7 Signaling System 7. SS7 employs a dedicated 64 kbps data circuit to carry packetized machine-language messages about each call connected between and among machines of a network to achieve connection control.

SSAA System Security Authorization Agreement. The SSAA is a formal agreement among the DAA(s), the Certifier, user representative, and program manager. It is used throughout the entire DITSCAP to guide actions, document decisions, specify IA requirements, document certification tailoring and level-of-effort, identify potential solutions, and maintain operational systems security.

SSAP Source Service Access Point (LLC).

SSH Secure Shell. Network protocol that uses cryptography to secure communication, remote command-line login and remote command execution between two networked computers.

SSL Secure Sockets Layer. SSL is a protocol, first developed by Netscape, for transmitting private documents over the Internet. During its handshake SSL uses public-key cryptography to authenticate the server and agree on a session key; the data transferred over the SSL connection is then encrypted with a symmetric cipher under that session key. SSL is commonly used to protect confidential user information, such as credit card numbers, in transit. URLs of web pages that require an SSL connection start with https:. Its successor, TLS (Transport Layer Security), is now the standard for securing Internet traffic; TLS also protects mail protocols and e-business transactions by creating an encrypted, authenticated tunnel between client and host, negotiating a cipher suite (historically triple DES, today AES or ChaCha20). All versions of SSL (2.0 and 3.0) and TLS 1.0 and 1.1 are deprecated and should be disabled in favor of TLS 1.2 or 1.3.

SSN Social Security Number.

SSO (1) Single Sign-On. (2) Standard-Setting Organization.

SSP Service Switching Point. A switching system, including its remotes, that identifies calls associated with intelligent network services and initiates dialog with the SCP.

SSP State Synchrony Protocol.

ST Security Target.

ST&E Security Test & Evaluation. Examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system.

Stack Smashing Overwriting a return address on the program execution stack by exploiting a buffer overflow. Generally, the implication is that the return address gets replaced with a pointer to malicious code (or, where the stack is non-executable, to existing code fragments that the attacker chains together). The underlying defect is an unbounded copy into a fixed-size stack buffer; stack canaries, non-executable stacks and address space layout randomization are the usual mitigations.

Stacked-Job Processing A computer processing technique in which programs and data awaiting processing are placed into a queue and executed sequentially.

Standalone Root A certificate authority that signs its own certificates and does not rely on a directory service to authenticate users.

Stand-Alone Terminal A payment terminal that does not rely on connection to any other device within the merchant environment and performs no other functions. The only requirement for it to operate is a connection to the processor through either an Internet connection or a telephone line. If the terminal requires connection to a computerized electronic cash register or is multi-function (like a mobile device), it is not a stand-alone terminal.

Standard A published statement on a topic specifying characteristics, usually measurable, that must be satisfied or achieved in order to comply with the standard.

Standardization The commander's information requirements must not be compromised by the use of nonstandard equipment.

Standards Audit The check to ensure that applicable standards are properly used.

Standards A set of rules or specifications that, when taken together, define a software or hardware device. A standard is also an acknowledged basis for comparing or measuring something. Standards are important because new technology will only take root once a group of specifications is agreed upon.

Start-Up KEK Key-encryption-key held in common by a group of potential communicating entities and used to establish ad hoc tactical networks.

State Affiliation Under the control or command of a recognized state or government.

State Space The total collection of possible states for a particular object or group of objects.

State Transition A change of state for an object; something that can be signaled by an event.

State Variable A property or type that is part of an identified state of a given type.

State A static condition of an object or group of objects.

State (in AES) Intermediate cipher result that can be pictured as a rectangular array of bytes (four rows by four columns for the 128-bit block).

Stateful Inspection A firewall architecture that tracks each connection traversing all interfaces of the firewall and makes sure it is valid. The firewall records the state of every connection (for TCP, the stage of the handshake and teardown) in a connection table and admits a packet only if it is consistent with that recorded state, so an inbound packet that does not belong to an already established connection is dropped even when its flags alone would pass a stateless rule.
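
The connection tracking behind stateful inspection, as an added example that is not part of the dictionary. The packets, addresses (documentation ranges) and the policy ("inside may open outbound TCP connections, nothing else") are constructed for the demonstration; the state machine is a simplified version of what a real firewall keeps per connection, without timeouts or sequence-number checks.

```python
"""Stateful inspection of TCP flows, added example (not from the dictionary).

Packets are constructed tuples with addresses from documentation ranges. Policy:
hosts on the inside may open connections outward; an inbound packet is accepted only
when it belongs to a connection whose outbound SYN the firewall has already seen.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str        # "out" = leaving the protected network, "in" = arriving from outside
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset      # TCP flags present, e.g. frozenset({"SYN", "ACK"})


class StatefulFirewall:
    def __init__(self):
        # connection key -> TCP state; the key is written from the inside host's view
        self.table = {}

    @staticmethod
    def _key(pkt):
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt):
        """Return "ACCEPT" or "DROP" and update the connection table accordingly."""
        key = self._key(pkt)
        state = self.table.get(key)
        f = pkt.flags

        if state is None:
            # Only an outbound SYN (and nothing else) may create new state.
            if pkt.direction == "out" and f == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return "ACCEPT"
            return "DROP"                        # unsolicited inbound, stray ACK, bogus RST

        if "RST" in f:                           # either side aborts: tear the state down
            del self.table[key]
            return "ACCEPT"

        if state == "SYN_SENT":
            if pkt.direction == "out" and f == {"SYN"}:
                return "ACCEPT"                  # SYN retransmission
            if pkt.direction == "in" and f == {"SYN", "ACK"}:
                self.table[key] = "SYN_RECV"
                return "ACCEPT"
        elif state == "SYN_RECV":
            if pkt.direction == "out" and "ACK" in f:
                self.table[key] = "ESTABLISHED"
                return "ACCEPT"
        elif state == "ESTABLISHED":
            if "FIN" in f:
                self.table[key] = "CLOSING"      # first FIN seen
            return "ACCEPT"
        elif state == "CLOSING":
            if "FIN" in f:
                self.table[key] = "LAST_ACK"     # second FIN seen
            return "ACCEPT"
        elif state == "LAST_ACK":
            del self.table[key]                  # final ACK; the connection is gone
            return "ACCEPT"
        return "DROP"                            # anything inconsistent with the state


def run_trace():
    """Constructed packet sequence; returns the list of verdicts in order."""
    inside, server, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    F = frozenset
    trace = [
        Packet("out", inside, 40000, server, 443, F({"SYN"})),          # client opens
        Packet("in", server, 443, inside, 40000, F({"SYN", "ACK"})),    # server answers
        Packet("out", inside, 40000, server, 443, F({"ACK"})),          # handshake complete
        Packet("in", server, 443, inside, 40000, F({"ACK"})),           # data from server
        Packet("in", attacker, 5555, inside, 22, F({"SYN"})),           # unsolicited inbound SYN
        Packet("in", attacker, 5555, inside, 22, F({"ACK"})),           # ACK-only probe; a stateless
                                                                        # "established" rule would pass it
        Packet("in", server, 443, inside, 40001, F({"SYN", "ACK"})),    # right peer, wrong port
        Packet("out", inside, 40000, server, 443, F({"FIN", "ACK"})),   # client closes
        Packet("in", server, 443, inside, 40000, F({"FIN", "ACK"})),    # server closes
        Packet("out", inside, 40000, server, 443, F({"ACK"})),          # final ACK
        Packet("in", server, 443, inside, 40000, F({"ACK"})),           # late packet after close
    ]
    fw = StatefulFirewall()
    return [fw.filter(p) for p in trace]


if __name__ == "__main__":
    print(run_trace())
```

The sixth packet is the one that separates stateful from stateless filtering: a packet filter implementing "allow established" by matching the ACK flag lets it through, whereas the connection table has no entry for it and drops it.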


Statement Testing A test method of satisfying the criterion that each statement in a program be executed at least once during the program testing.

Static Analysis The direct analysis of the form and structure of a product that does not require its execution. It can be applied to the requirements, design, or code.

Static Data Data that, once established, remains constant.

Static Key A key that is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key establishment scheme.

Station-to-Station Protocol A variant of the Diffie-Hellman key exchange protocol that provides key agreement and authenticates each party to the other. This is done by adding digital signatures over the exchanged Diffie-Hellman values, which must be done carefully, since unauthenticated Diffie-Hellman is open to a man-in-the-middle who substitutes values of his own.

Status Monitoring Monitoring the information security metrics defined by the organization in the information security continuous monitoring (ISCM) strategy.

Statutory Requirements Laws created by government institutions.

STDM Statistical Time Division Multiplexing. This form of multiplexing uses all available time slots to send significant information and handles inbound data on a first-come, first-served basis.

Steering Committee A management committee assembled to sponsor and manage various projects, such as an information security program.

Steganalysis The art of detecting and neutralizing steganographic messages.

Steganalyst One who applies steganalysis with the intent of discovering hidden information.

Steganographic File System A method of storing files that encrypts data and hides it such that its presence cannot be proven.

Steganography (1) The method of concealing the existence of a message or data within seemingly innocent covers. (2) A technology used to embed information in audio and graphical material. The audio and graphical materials appear unaltered until a steganography tool is used to reveal the hidden message.

Stegokey A key that allows extraction of the secret information out of the cover.

Stego-Medium The resulting combination of a cover medium, an embedded message and a stego key.

Stego-Only Attack An attack where only the stego-object is available for analysis.

STECS The Standard Transaction Format Compliance System.

Stipend Program Allows qualifying employees reasonable compensation for the use of a personal cell phone or smartphone for County business. Personal use limitations are removed from mobile communications devices subsidized under the stipend program, but User Responsibility Policy guidelines continue to apply to the extent the device is used to access the Technology Environment.

StirMark A method of testing the robustness of a watermark. StirMark is based on the premise that many watermarks can survive a simple manipulation to the file, but not a combination of manipulations. It simulates a process similar to what would happen if an image was printed and then scanned back into the computer by stretching, shearing, shifting and rotating an image by a tiny random amount.

STIX Structured Threat Information Expression. STIX is a language for standardized communication and representation of cyberthreat information. Similar to TAXII, it is not a sharing program or tool, but rather a component that supports programs or tools.

Storage Media Floppy diskettes, tapes, hard disk drives, or any devices that store automated information.

Storage Object Object supporting both read and write accesses to an information system.

Stored-Program Concept The location of the instructions placed in the memory of a common controlled switching unit and to which it refers while processing a call.

STP Signal Transfer Point. A signaling point with the function of transferring messages from one signaling link to another and considered exclusively from the viewpoint of the transferor.

Strategic Management Provides an organization with overall direction and guidance.

Strategic Planning and Policy Development In the NICE Workforce Framework, cybersecurity work where a person applies knowledge of priorities to define an entity.

Strategic Threat Intelligence High-level information, consumed at board level or by other senior decision-makers. It is almost exclusively in the form of prose, such as reports, briefings or conversations.

Stream Cipher An encryption method in which a cryptographic key and an algorithm are applied to each bit in a data stream, one bit at a time. In practice the key (with a nonce) seeds a keystream generator whose output is combined with the plaintext by XOR, and the same keystream must never be used for two messages.

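
The keystream XOR construction and its two classic failure modes (keystream reuse and malleability), as an added example that is not part of the dictionary. The keystream generator is a toy built from SHA-256 in counter mode so that the block is self-contained; the key, nonce and messages are constructed. Use a vetted cipher (ChaCha20, AES-CTR) with an authentication tag in real systems.

```python
"""Stream cipher: keystream XOR, and what goes wrong when the keystream is reused.

Added example, not from the dictionary. The keystream generator is a toy (SHA-256 in
counter mode) chosen only to keep the example self-contained; key, nonce and messages
are constructed for the demonstration.
"""
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: concatenated SHA-256(key || nonce || counter) blocks, cut to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR keystream. Real ciphers work a byte or word at a time
    rather than a bit at a time, but the principle is the one the entry describes."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def stream_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return stream_encrypt(key, nonce, ciphertext)


def two_time_pad_recover(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If two messages were encrypted under the same key and nonce, c1 XOR c2 equals
    p1 XOR p2 because the keystream cancels. Knowing p1 (a crib) yields p2 directly."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def tamper(ciphertext: bytes, original: bytes, desired: bytes, offset: int) -> bytes:
    """Stream ciphers are malleable: XORing the ciphertext with (original XOR desired)
    at an offset changes the decrypted plaintext there, with no key and no error.
    Pair the cipher with a MAC, or use an AEAD mode, to detect this."""
    patched = bytearray(ciphertext)
    for i, (o, d) in enumerate(zip(original, desired)):
        patched[offset + i] ^= o ^ d
    return bytes(patched)


def demo():
    """Returns (round_trip_ok, plaintext_2_recovered_from_nonce_reuse)."""
    key = bytes(range(32))                        # constructed 256-bit key
    nonce = b"\x00" * 12                          # constructed nonce
    p1 = b"TRANSFER 100 USD TO ACCOUNT 4471"
    p2 = b"TRANSFER 900 USD TO ACCOUNT 9932"
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)           # same key and nonce: the failure mode
    return stream_decrypt(key, nonce, c1) == p1, two_time_pad_recover(c1, c2, p1)


if __name__ == "__main__":
    print(demo())
```

The same XOR property that makes decryption free also makes the cipher malleable: tamper() rewrites the amount in a ciphertext without knowing the key, and only an integrity check on the ciphertext would catch it.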
Strength The power of the information assurance protection.

Strike Warfare A primary warfare mission area dealing with preemptive or retaliatory offensive strikes against inland or coastal ground targets.

Striped Core A network architecture in which user data traversing a core IP network is decrypted, filtered and re-encrypted one or more times. The decryption, filtering, and re-encryption are performed within a "Red gateway"; consequently, the core is "striped" because the data path is alternately Black, Red, and Black.

Strong Authentication Strong authentication refers to systems that require multiple factors for authentication and use advanced technology, such as dynamic passwords or digital certificates, to verify a user's identity.

Strong Collision Resistance Strong collision resistance is a property that a hash function may have (and a good cryptographic hash function will have), characterized by it being computationally infeasible to find two arbitrary inputs that yield the same output (as opposed to weak collision resistance, where one of the inputs is fixed in advance).

Structurally Object-Oriented The data model allows definitions of data structures to represent entities of any complexity (complex objects).

Structured Design A methodology for designing systems and programs through a top-down, hierarchical segmentation.

Structured Programming The process of writing computer programs using logical, hierarchical control structures to carry out processing.

Structured Query Language Injection An attack that involves the alteration of a database query in a web-based application, which can be used to obtain unauthorized access to sensitive information in a database.

Structured Query Language A type of programming language used to interact with a database. The language is used to both update and issue queries to the database; a specialized language for sending queries to databases. Most industrial-strength and many smaller database applications can be addressed using SQL. Each specific application will have its own slightly different version of SQL implementing features unique to that application, but all SQL-capable databases support a common subset of SQL. Example of an SQL statement: SELECT name, email FROM people_table WHERE country = 'uk';
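
The SQL injection entries above and the example statement just given, worked through as an added example that is not part of the dictionary: the same people_table query built by string concatenation beside its parameterized form, run against an in-memory SQLite database with constructed rows and constructed payloads.

```python
"""SQL injection: a vulnerable string-built query beside its parameterized fix.

Added example, not from the dictionary. Uses Python's built-in sqlite3 with an
in-memory database; the table, rows and attack strings are constructed here.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE people_table (name TEXT, email TEXT, country TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO people_table VALUES (?, ?, ?, ?)",
        [
            ("alice", "alice@example.org", "uk", "hash-a"),
            ("bob", "bob@example.org", "de", "hash-b"),
            ("carol", "carol@example.org", "uk", "hash-c"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, country: str) -> list:
    """User input is pasted into the SQL text, so it can change the query's structure."""
    sql = "SELECT name, email FROM people_table WHERE country = '" + country + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, country: str) -> list:
    """A bound parameter is always treated as data; the statement's shape cannot change."""
    return conn.execute(
        "SELECT name, email FROM people_table WHERE country = ?", (country,)
    ).fetchall()


def demo() -> dict:
    conn = make_db()
    # Tautology: closes the string literal and appends an always-true condition.
    tautology = "uk' OR '1'='1"
    # UNION: appends a second SELECT that pulls a column the application never exposes;
    # the trailing comment swallows the closing quote added by the application.
    union = "x' UNION SELECT name, password_hash FROM people_table --"
    return {
        "honest_vulnerable": lookup_vulnerable(conn, "uk"),
        "honest_safe": lookup_safe(conn, "uk"),
        "tautology_vulnerable": lookup_vulnerable(conn, tautology),
        "tautology_safe": lookup_safe(conn, tautology),
        "union_vulnerable": lookup_vulnerable(conn, union),
        "union_safe": lookup_safe(conn, union),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

With honest input both functions return the two UK rows. With the tautology the vulnerable function returns every row and the parameterized one returns nothing, because it looks for a country literally named "uk' OR '1'='1". With the UNION payload the vulnerable function hands back password hashes from a column the query was never meant to expose.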


Stuxnet A sophisticated computer worm discovered in July 2010 that targeted control systems used to operate industrial processes in the energy, nuclear and other critical sectors. It was designed to exploit a combination of vulnerabilities to gain access to its target and modify code to change the process. Stuxnet primarily targeted Siemens SCADA/PLC systems (Step 7 and WinCC software and S7 controllers) used in the Iranian uranium enrichment program.

Subassembly Major subdivision of an assembly consisting of a package of parts, elements, and circuits that perform a specific function.

SUBC State Uniform Billing Committee.

Subject Security Level Sensitivity label(s) of the objects to which the subject has both read and write access. The security level of a subject must always be dominated by the clearance level of the user associated with the subject.

Subject An individual, process, or device causing information to flow among objects or a change to the system state. Includes software, firmware, and scripts.

Subjective Information Attempts to describe something that is unknown.

Subnet Address The subnet portion of an IP address. In a subnetted network, the host portion of an IP address is split into a subnet and a host portion using an address (subnet) mask.

Subnet A portion of a network, which may be a physically independent network segment, that shares a network address with other portions of the network and is distinguished by a subnet number. A subnet is to a network what a network is to the Internet.

Subordinate Certification Authority In a hierarchical PKI, a Certification Authority whose certificate signature key is certified by another CA, and whose activities are constrained by that other CA.

Subparagraph (B) Does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications).

Subroutine A segment of code that can be called up by a program and executed at any time from any point.

Subscriber Loop The circuit that connects the telephone company's central office to the demarcation point on the customer's premises. The circuit is most likely a pair of wires.

Subscriber An entity (associated with one or more users) that is engaged in a subscription with a telecommunications service provider (TSP). The subscriber is allowed to subscribe to and unsubscribe from services, to register a user or a list of users authorized to enjoy these services, and also to set the limits relative to the use that associated users make of these services.

Substitution The steganographic method of encoding information by replacing insignificant bits of the cover (typically the least significant bit of each sample) with the bits of the embedded message. The change is imperceptible to a viewer but is detectable by statistical steganalysis and is destroyed by lossy recompression of the cover.
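
Least-significant-bit substitution with a stegokey, as an added example serving both the Steganography and Stegokey entries and the Substitution entry above; it is not part of the dictionary. The cover is a constructed byte array standing in for raw 8-bit image samples, and using the key to choose the order of sample positions is this example's way of applying a stegokey; the length header and the 4096-sample cover are assumptions of the example.

```python
"""Substitution steganography: LSB embedding selected by a stego key.

Added example, not from the dictionary. The cover is a constructed byte array standing
in for raw 8-bit image samples; the key-seeded shuffle of sample positions is this
example's way of applying a stegokey.
"""
import random


def make_cover(n: int = 4096) -> bytes:
    """Constructed stand-in for raw image samples (deterministic so tests can rebuild it)."""
    rng = random.Random(1)
    return bytes(rng.randrange(256) for _ in range(n))


def _positions(cover_len: int, key: bytes) -> list:
    """Order in which cover samples carry message bits, derived from the stego key.
    Without the key an observer does not know which samples to read, or in what order."""
    order = list(range(cover_len))
    random.Random(key).shuffle(order)
    return order


def embed_lsb(cover: bytes, message: bytes, key: bytes) -> bytes:
    """Replace the LSB of key-selected cover samples with message bits. A 4-byte
    big-endian length header precedes the message so the extractor knows where it ends."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover holds {len(cover)} bits, payload needs {len(bits)}")
    stego = bytearray(cover)
    for pos, bit in zip(_positions(len(cover), key), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit     # each sample changes by at most 1
    return bytes(stego)


def _read_bytes(stego: bytes, order: list, start_bit: int, nbytes: int) -> bytes:
    if start_bit + nbytes * 8 > len(order):
        raise ValueError("claimed length exceeds cover capacity (wrong key or no message)")
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[order[start_bit + b * 8 + i]] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego: bytes, key: bytes) -> bytes:
    """Read the header, then the message, from the LSBs in the key-defined order."""
    order = _positions(len(stego), key)
    length = int.from_bytes(_read_bytes(stego, order, 0, 4), "big")
    return _read_bytes(stego, order, 32, length)


def extract_or_none(stego: bytes, key: bytes):
    """Extraction with the wrong key yields a nonsense header (usually rejected) or garbage."""
    try:
        return extract_lsb(stego, key)
    except ValueError:
        return None


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference introduced by embedding; LSB substitution gives 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def demo():
    cover = make_cover()
    message = b"meet at the north gate at dawn"
    stego = embed_lsb(cover, message, key=b"stegokey-1")
    return extract_lsb(stego, b"stegokey-1"), max_sample_change(cover, stego)


if __name__ == "__main__":
    print(demo())
```

The stego key hides where the bits are, not that bits were changed: the LSB plane of the stego object still carries message statistics, which is what chi-square and RS steganalysis look for, and any lossy re-encoding of the cover wipes the LSBs out entirely.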


Substitution-Linear Transformation Network A practical architecture based on Shannon’s concepts for 
the secure, practical ciphers with a network structure consisting of a sequence of rounds of small substitutions, 


easily implemented by table lookup and connected by bit position permutations or linear transpositions. 
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Subsystem A major subdivision or component of an information system consisting of information, 


information technology, and personnel that perform one or more specific functions. 


Suite A A specific set of classified cryptographic algorithms used for the protection of some 


categories of restricted mission-critical information, 


Suite B A specific set of cryptographic algorithms suitable for protecting national security systems 
and information throughout the U.S. government and to support interoperability with allies and coalition 


partners. 


Suite Refers to a group of applications that might appear in one software package and work to 
achieve similar goals. For example, an office might select a software program that is touted as a suite of office 
programs, and hence contains a number of office-related applications contributing to the overall ease of office 
transactions. A suite is a bundled set of complementary software programs that may not have been created to 
achieve a common goal, while a solution is an integrated set of software programs created to work seamlessly 


together. 
Superclass A class from which another class inherits attributes and methods. 
Supercomputer The fastest, most powerful, and expensive type of computer. 


Superencryption Process of encrypting encrypted information. Occurs when a message, encrypted off-line, is 
transmitted over a secured, online circuit, or when information encrypted by the originator is multiplexed onto 


a communications trunk, which is then bulk encrypted. 


SuperFrame A synchronization-framing format for a TI. In a TI circuit, each of the 24 DSO channels 
are sampled every 125 microseconds and 8 bits are taken from each. If you multiply the 8 bits by the 24 
channels, you get 192-bits in a chain, and then add one bit for timing, you get 193 total bits in one frame. 
Twelve frames comprise the SuperFrame. A newer version of this TI formatting is called Extended Super 


Frame (ESF). 


Superior Certification Authority In a hierarchical PKI, a Certification Authority who has certified the 
certificate signature key of another CA, and who constrains the activities of that CA. 


Supersession Scheduled or unscheduled replacement of COMSEC material with a different edition. 


Supervisory Control and Data Acquisition A generic name for a computerized system that is 
capable of gathering and processing data and applying operational controls to geographically dispersed assets 


over long distances. 


Superzapping Using powerful utility software (originally the superzap utility on IBM mainframes) to 
access secure information while bypassing normal controls. Debug programs, and disk editors are examples of 


tools used for superzapping. 


Supplementation (Assessment Procedures) The process of adding assessment procedures or 
assessment details to assessment procedures in order to adequately meet the organization's risk management 
needs. 

Supplementation (Security Controls) The process of adding security controls or control 


enhancements to a security control baseline from NIST Special Publication 800-53 or CNSS Instruction 


1253 in order to adequately meet the organization’s risk management needs. 
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Supply Chain Attack Attacks that allow the adversary to utilize implants or other vulnerabilities 
inserted prior to installation in order to infiltrate data, or manipulate information technology hardware, 
software, operating systems, peripherals (information technology products) or services at any point during the 


life cycle. 
Supply Chain Risk Management The process of identifying, analyzing, and assessing supply chain risk and 


accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and 


benefits of any actions taken, 


Supply Chain A system of organizations, people, activities, information and resources, possibly 
international in scope, for creating and moving products including product components and/or services from 


suppliers through to their customers. 


Support Mission Area Support Warfare Mission Area. Areas of Naval warfare that provide 


support functions that cut across the boundaries of all (or most) other warfare mission areas. 


Suppression Measure Action, procedure, modification, or device that reduces the level of, or 


inhibits the generation of, compromising emanations in an information system. 


Supraliminal Channel a feature of an image which is impossible to remove without gross 


modifications, i.e. a visible watermark. 


Surreptitious Forwarding An attack on some public key cryptosystems where a malicious user 
decrypts a digitally signed message and then encrypts the message using someone else’s public key giving the 


end receiver the impression that the message was originally destined for them. 


Survivability The capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, 


failures, or accidents. A survivability assessment covers the full threat control chronology. 


SVC Switched Virtual Circuit. A virtual circuit connection established across a network on an as- 


needed basis and lasting only for the duration of the transfer. 


SvP Service Provider. A natural or legal person providing one or more public telecommunications 
services whose provision consists wholly or partly in the transmission and routing of signals on a 


telecommunications network. SvPs do not necessarily have to run their own networks. 


Swapping A method of computer processing in which programs not actively being processed are held 


on special storage devices and alternated in and out of memory with other programs according to priority. 


SWG Secure Web Gateway. A secure Web gateway is a solution that filters unwanted 
software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy 
compliance. 

Switch A mechanical, electrical, or electronic device that opens or closes circuits, completes or 


breaks an electrical path, or selects paths or circuits. A switch looks at incoming data to determine the 
destination address. Based on that address, a transmission path is set up through the switching matrix between 


the incoming and outgoing physical communications ports and links. 


Switched Beam Also called switch lobe. Smart antennas use power patterns that are more concentrated and 


directed than the regular antenna. The far end device receives a much more powerful signal from the antenna. 
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Switches Typically associated as a data link layer device, switches enable local area network (LAN) 
segments to be created and interconnected, which has the added benefit of reducing collision domains in 


Ethernet-based networks. 
Switching Costs Costs that can make customers reluctant to switch to another product or service. 


Syllabary List of individual letters, combination of letters, or syllables, with their equivalent code 
groups, used for spelling out words or proper names not present in the vocabulary of a code. A syllabary may 


also be a spelling table. 


Symbolic Evaluation The process of analyzing the path of program execution through the use 


of symbolic expressions. 
Symbolic Execution The analytical technique of dissecting each program path. 


Symmetric Cryptography A branch of cryptography in which a cryptographic 


system or algorithms use the same secret key (a shared secret key). 


Symmetric Encryption Algorithm Encryption algorithms using the same secret key for encryption and 
decryption. 


Symmetric Key Encryption In symmetric key encryption two trading partners share one or more 
secrets, no one else can read their messages. A different key (or set of keys) is needed for each pair of trading 


partners. Same key used for encryption and decryption. 


Symmetric Key A cryptographic key that is used to perform both the cryptographic operation and its inverse, 
for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify 
the code. Also, a cryptographic algorithm that uses a single key (ie., a secret key) for both encryption of 
plaintext and decryption of ciphertext. 


Synchronous Crypto-Operation — Encryption algorithms using the same secret key for encryption and 
decryption. 


Synchronous Optical Network Is an international standard for high-speed data communications over 


fiber-optic media. The transmission rates range from 51.84 Mbps to 2.5 Gbps. 


Synchronous A protocol of transmitting data over a network where the sending and receiving terminals are 


kept in synchronization with each other by a clock signal embedded in the data. 
Syntax The statement formats and rules for the use of a programming language. 


Synthetic Identity Fraud A type of fraud in which identity thieves use a combination of real and false information to either establish an account with a partially fictional identity, or create an entirely new identity from false information.

System Accreditation The official authorization granted to an information system to process sensitive information in its operational environment based on a comprehensive security evaluation of the system's hardware, firmware, and software security design, configuration and implementation and of the other system procedural, administrative, physical, TEMPEST, personnel, and communications security controls.

System Administration The cybersecurity work where a person installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.

System Administrator A person who manages the technical aspects of a system. Individual responsible for the installation and maintenance of an information system, providing effective information system utilization, adequate security parameters, and sound implementation of established Information Assurance policy and procedures.

System Analysis The process of studying information requirements and preparing a set of functional specifications that identify what a new or replacement system should accomplish.

System Assets Any software, hardware, data, administrative, physical, communications, or personnel resource within an information system.

System Attributes The qualities, characteristics, and distinctive features of information systems.


System Bus The electronic pathways that move information between basic components on the motherboard, including the pathway between the CPU and RAM.

System Certification The technical evaluation of a system's security features that establishes the extent to which a particular information system's design and implementation meets a set of specified security requirements.

System Design The development of a plan for implementing a set of functional requirements as an operational system.

System Development Methodologies Methodologies developed through software engineering to manage the complexity of system development. Development methodologies include software engineering aids and high-level design analysis tools.

System Entity A system subject (user or process) or object.


System Environment The unique technical and operating characteristics of an IT system and its associated environment, including the hardware, software, firmware, communications capability, organization, and physical location.

System Hardening A process to eliminate as many security risks as possible by removing all nonessential software programs, protocols, services and utilities from the system.

System High Mode Information systems security mode of operation wherein each user, with direct or indirect access to the information system, its peripherals, remote terminals, or remote hosts, has all of the following: a. valid security clearance for all information within an information system; b. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, sub-compartments and/or special access programs); and c. valid need-to-know for some of the information contained within the information system.

System High A system is operating at system high security mode when the system and all of its local and remote peripherals are protected in accordance with the requirements for the highest classification category and types of material contained in the system. All users having access to the system have a security clearance, but not necessarily a need-to-know for all material contained in the system. In this mode, the design and operation of the system must provide for the control of concurrently available classified material in the system on the basis of need-to-know.

System Indicator Symbol or group of symbols in an off-line encrypted message identifying the specific cryptosystem or key used in the encryption.


System Integrity Procedures Procedures established to ensure that hardware, software, firmware, and data in a computer system maintain their state of original integrity and are not tampered with by unauthorized personnel.

System Integrity Is the quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental. Attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

System Interconnection The direct connection of two or more information technology systems for the purpose of sharing data and other information resources.

System Log An audit trail of relevant system happenings (e.g., transaction entries, database changes).

System Low Lowest security level supported by an information system.

System of Records A group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.


System Owner Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system.

System Profile Detailed security description of the physical structure, equipment component, location, relationships, and general operating environment of an information system.

System Reliability The composite of hardware and software reliability for a specified operational environment. System reliability measurements combine qualitative and quantitative assessments.

System Safety Engineering An engineering discipline that employs specialized professional knowledge and skills in applying scientific and engineering principles, criteria, and techniques to identify and eliminate hazards, in order to reduce the associated mishap risk.

System Safety The application of engineering and management principles, criteria, and techniques to achieve acceptable mishap risk, within the constraints of operational effectiveness, time, and cost, throughout the life of a system.

System Security Plan Formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements. Also, the formal document prepared by the information system owner (or common security controls owner for inherited controls) that provides an overview of the security requirements for the system and describes the security controls in place or planned for meeting those requirements. The plan can also contain, as supporting appendices or as references, other key security-related documents such as a risk assessment, privacy impact assessment, system interconnection agreements, contingency plan, security configurations, configuration management plan, and incident response plan.

System Security Information System Security.

System Software The special software within the cryptographic boundary (e.g., operating system, compilers or utility programs) designed for a specific computer system or family of computer systems to facilitate the operation and maintenance of the computer system, associated programs, and data.


System Survivability The ability to continue to make resources available, despite adverse circumstances including hardware malfunctions, accidental software errors, accidental and malicious intentional user activities, and environmental hazards such as EMC/EMI/RFI.

System Test The process of testing an integrated hardware/software system to verify that the system meets its specified requirements.

Systematic Failure Failures that result from an error of omission, error of commission, or operational error during a life-cycle activity.

Systematic Safety Integrity A qualitative measure or estimate of the failure rate due to systematic failures in a dangerous mode of failure.

Systems Analysis The process of studying information requirements and preparing a set of functional specifications that identify what a new or replacement system should accomplish.

Systems Architecture The fundamental and unifying system structure defined in terms of system elements, interfaces, processes, constraints, and behaviors.

Systems Design The development of a plan for implementing a set of functional requirements as an operational system.

Systems Engineering An integrated composite of people, products, and processes that provides a capability or satisfies a stated need or objective.


Systems Requirements Planning In the NICE Workforce Framework, cybersecurity work where a person consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.

Systems Security Analysis In the NICE Workforce Framework, cybersecurity work where a person conducts the integration/testing, operations, and maintenance of systems security.

Systems Security Architecture In the NICE Workforce Framework, cybersecurity work where a person develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.

Systems Security Engineering Information Systems Security Engineering.

Systems Security Officer Information Systems Security Officer.

Systems Security There are three parts to Systems Security: (1) Computer Security (COMPUSEC) is composed of measures and controls that protect an AIS against denial-of-service, unauthorized disclosure, modification, or destruction of AIS and data (information). (2) Communications

Systems Software The programs and other processing routines that control and activate the computer hardware, facilitating its use.

System-Specific Security Control A security control for an information system that has not been designated as a common security control or the portion of a hybrid control that is to be implemented within an information system.


T1 A special type of telephone line for digital communication and transmission. T1 lines provide for digital transmission with a signaling speed of 1.544 Mbps (1,544,000 bits per second). This is the standard for digital transmissions in North America. Usually delivered on fiber optic lines.

T-3 A leased-line connection capable of carrying data at 44,736,000 bits per second. This is more than enough to do full-screen, full-motion video.

TA Terminal adapter.

TA/NT1 Terminal Adapter/Network Termination 1 (ISDN).

TCB Trusted Computing Base.

TAB TOE access, TOE access banners.


Table Driven An indexed file in which tables containing record keys (i.e., disk addresses) are used to retrieve records.

Table An area of computer memory containing multiple storage locations that can be referenced by the same name.

Tablet Tablet computer, tablet PC, is a portable computer (smaller than a laptop) that uses a touchscreen as its primary input device.

Tabletop Exercise A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups, to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation. A facilitator initiates the discussion by presenting a scenario and asking questions based on the scenario.

TACACS Terminal Access Controller Access Control System. Authentication protocol, developed by the DDN community, that provides remote access authentication and related services, such as event logging. User passwords are administered in a central database rather than in individual routers, providing an easily scalable network security solution.

TACACS+ Terminal Access Controller Access Control System Plus. An authentication protocol, often used by remote-access servers or single (reduced) sign-on implementations.

Tactical Data Information that requires protection from disclosure and modification for a limited duration as determined by the originator or information owner.

Tactical Edge The platforms, sites, and personnel (U.S. military, allied, coalition partners, first responders) operating at lethal risk in a battle space or crisis environment characterized by 1) a dependence on information systems and connectivity for survival and mission success, 2) high threats to the operational readiness of both information systems and connectivity, and 3) users who are fully engaged, highly stressed, and dependent on the availability, integrity, and transparency of their information systems.

Tactical Management Develops the goals and strategies outlined by strategic management.


Tactical Threat Intelligence Often referred to as tactics, techniques and procedures (TTPs); information about how threat actors are conducting attacks.

Tag The term "tag" can be used as a noun or verb. As a noun, a tag is a basic element of the languages used to create web pages (HTML) and similar languages such as XML. Another, more recent meaning of tag is related to reader-created tags, where blogs and other content (such as photos, music, etc.) may be "tagged", which means to assign a keyword such as "politics" or "gardening"; this enables searches for "all the blog postings in the past week that are tagged 'prenatal care'".

Tailored Security Control Baseline A set of security controls, resulting from the application of tailoring guidance, to the security control baseline.

Tailored Trustworthy Space A cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user's context and in the face of an evolving range of threats.

Tailoring The process by which a security control baseline is modified based on (1) the application of scoping guidance; (2) the specification of compensating security controls, if needed; and (3) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements.

Tampering An intentionally caused event that results in modification of a system, its intended behavior, or data.

Tandem Switch A tandem switch connects one trunk to another. An intermediate switch or connection between an originating telephone call location and the final destination of the call. The tandem point passes the call along.


Tangible Asset Any asset that has physical form.

Target Identification Identity that relates to a specific lawful authorization as such. This may be a serial number or a combination of characters and numbers. It is not related to the denoted interception subject or subjects.

Target Identity The identity associated with a target service used by the interception subject.

Target Service Telecommunications service associated with an interception subject and usually specified in a lawful authorization for interception. There may be more than one target service associated with a single interception subject.

Target Person or asset selected as the aim of an attack.

Task Management System Allocates the processor unit resources according to a priority scheme or other assignment methods.

TAXII Trusted Automated Exchange of Indicator Information. TAXII is not an information sharing program and does not define trust agreements. Rather, it is a set of specifications for exchanging cyberthreat information to help organizations share information with their partners. TAXII has the following three sharing models: Hub and Spoke, one central clearinghouse; Source/Subscriber, one organization is the single source of information; Peer-to-Peer, multiple organizations share their information. TAXII defines the following four services, where each service is optional and services can be combined in different ways for different sharing models: Inbox, a service to receive pushed content (push messaging); Poll, a service to request content (pull messaging); Collection Management, a service to learn about and request subscriptions to data collections; Discovery, learn which services are supported and how to interact with them.

TB Terabyte. A terabyte is 1,099,511,627,776 bytes, 1,024 Gigabytes, or 1,048,576 Megabytes.


TCB Trusted Computing Base. The totality of protection mechanisms within a computer system, including hardware, software, and communications equipment, the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (such as a user's clearance) related to the security policy.

TCO Total Cost of Ownership. Includes the original cost of the computer plus the cost of software, hardware and software upgrades, maintenance, technical support, training, and certain activities performed by users.

TCP Transmission Control Protocol. A connection-based Internet protocol that supports reliable data transfer connections. Packet data are verified using checksums and retransmitted if they are missing or corrupted. The application plays no part in validating the transfer.

TCP/IP Transmission Control Protocol/Internet Protocol is a set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet. The structure of TCP/IP is as follows: Process layer: clients FTP, Telnet, SMTP, NFS, DNS; Transport layer: service providers TCP (FTP, Telnet, SMTP), UDP (NFS, DNS); Network layer: IP (TCP, UDP); Access layer: Ethernet (IP), Token ring (IP).

TCP/IP Transmission Control Protocol/Internet Protocol. Provides the basis for the Internet; a set of communication protocols that encompass media access, packet transport, session communication, file transfer, electronic mail (e-mail), terminal emulation, remote file access and network management.

TCR Treated Conference Room. A shielded enclosure that provides acoustic and electromagnetic attenuation protection.

TCSEC Trusted Computer Security Evaluation Criteria. A security development standard for system manufacturers and a basis for comparing and evaluating different computer systems. Also known as the Orange Book.

TCSEC Trusted Computer Systems Evaluation Criteria.

TDM Time Division Multiplexing. A technique for transmitting a number of separate data, voice, and video signals simultaneously over one communications medium by interleaving a piece of each signal one after another.

TDMA Time Division Multiple Access. One of several technologies used to separate multiple conversation transmissions over a finite frequency allocation of through-the-air bandwidth.

TDOS Telephone Denial-of-Service Attack. An attack in which a large number of false telephone calls are generated and directed to one or more phone numbers to prevent those numbers from accepting legitimate phone calls.

TE Terminal Equipment.

TE1 and TE2 Terminal Endpoints.

TECHINT Technical Intelligence.


Technical Architecture Defines the hardware, software, and telecommunications equipment required to run the system.

Technical Certification A formal assurance by the Undersecretary for Management to Congress that standards are met which apply to an examination, installation, test or other process involved in providing security for equipment, systems, or facilities. Certifications may include exceptions and are issued by the office or person performing the work in which the standards apply.

Technical Controls The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Technical Non-Repudiation The contribution of public key mechanisms to the provision of technical evidence supporting a non-repudiation security service.

Technical Penetration An unauthorized RF, acoustic, or emanations intercept of information. This intercept may occur along a transmission path which is (1) known to the source, (2) fortuitous and unknown to the source, or (3) clandestinely established.

Technical Security Controls Security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Technical Steganography The method of steganography where a tool, device or method is used to conceal a message. For example, invisible inks and microdots.

Technical Surveillance The act of establishing a technical penetration and intercepting information without authorization.

Technical Threat Intelligence Information (or more often, data) that is consumed through technical means. For example, a feed of IP addresses suspected of being malicious or implicated as command and control servers. Often has a short lifespan. The fact that an attacker uses a particular piece of malware would be tactical intelligence, while an indicator against a specific compiled example would be technical intelligence.

Technical Vulnerability Information Detailed description of a weakness to include the implementable steps (such as code) necessary to exploit that weakness.

Technological Attack An attack that can be perpetrated by circumventing or nullifying hardware, software, and firmware access control mechanisms rather than by subverting system personnel or other users.

Technology R&D Technology Research and Development. The cybersecurity work where a person conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.

Technology-Literate Knowledge Worker A person who knows how and when to apply technology.


TEK Traffic Encryption Key. Key used to encrypt plain text or to superencrypt previously encrypted text and/or to decrypt cipher text.

Telecommunications Carrier An entity engaged in the transmission or switching of wire or electronic communications as a common carrier.

Telecommunications Device A tool used to send information to and receive it from another person or location.

Telecommunications Service The offering of telecommunications for a fee directly to the public or to such classes of users as to be effectively available directly to the public, regardless of the facilities used.

Telecommunications Preparation, transmission, communication, or related processing of information (writing, images, sounds, or other data) by electrical, electromagnetic, electromechanical, electro-optical, or electronic means.

Telecommuting The use of communications technologies (such as the Internet) to work in a place other than a central location.

Teleprocessing Security The protection that results from all measures designed to prevent deliberate, inadvertent, or unauthorized disclosure or acquisition of information stored in or transmitted by a teleprocessing system.

Teleprocessing Information processing and transmission performed by an integrated system of telecommunications, computers, and person-to-machine interface equipment.

Telework The ability for an organization's employees and contractors to perform work from locations other than the organization's facilities.

Telnet The virtual terminal protocol in the Internet suite of protocols. Allows users of one host to log into a remote host and interact as normal terminal users of that host.


TEMPEST Certification Nationally approved hardware that protects against the transmission of compromising emanations, i.e., unintentional signals from information processing equipment which can disclose information being processed by the system.

TEMPEST Equipment Or TEMPEST-Approved Equipment. Equipment that has been designed or modified to suppress compromising signals. Such equipment is approved at the national level for U.S. classified applications after undergoing specific tests. National TEMPEST approval does not, of itself, mean a device can be used within the foreign affairs community. Separate DS approval is required.

TEMPEST Exploitation Electronic and electromechanical information-processing equipment can produce unintentional intelligence-bearing emanations, commonly known as TEMPEST. If intercepted and analyzed, these emanations may disclose information transmitted, received, handled, or otherwise processed by the equipment.

TEMPEST Hazard A security anomaly that holds the potential for loss of classified information through compromising emanations.

TEMPEST Test A field or laboratory examination of the electronic signal characteristics of equipment or systems for the presence of compromising emanations.

TEMPEST Zone Designated area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated.


Tempest A name referring to the investigation, study, and control of unintentional compromising emanations from telecommunications and automated information systems equipment.

TEMPEST Is a classification of technology designed to minimize the electromagnetic emanations generated by computing devices. TEMPEST technology makes it difficult, if not impossible, to compromise confidentiality by capturing emanated information.

Temporal Masking A form of masking that occurs when a weak signal is played immediately after a strong signal.

Temporary Advantage An advantage that, sooner or later, the competition duplicates or leapfrogs with a better system.

Tenant Agency A U.S. government department or agency operating overseas as part of the U.S. foreign affairs community under the authority of a chief of mission. Excluded are military elements not under direct authority of the chief of mission.

Terminal Identification The means used to establish the unique identification of a terminal by a computer system or network.

Terminal Server Is a special-purpose computer that has places to plug in many modems on one side, and a connection to a LAN or host machine on the other side. Thus the terminal server does the work of answering the calls and passes the connections on to the appropriate node. Most terminal servers can provide PPP or SLIP services if connected to the Internet.

Terminal A device that allows you to send commands to a computer somewhere else. At a minimum, this usually means a keyboard and a display screen and some simple circuitry. Usually you will use terminal software in a personal computer; the software pretends to be (emulates) a physical terminal and allows you to type commands to a computer somewhere else.

Test and Evaluation In the NICE Workforce Framework, cybersecurity work where a person develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology.

Test Condition A detailed step the system must perform along with the expected result of the step.


Test Data Generators Computer software tools that help generate files of data that can be used to test the execution and logic of application programs.

Test Data Data that simulates actual data in form and content and is used to evaluate a system or program before it is put into operation.

Test Key Key intended for testing of COMSEC equipment or systems.

Test A type of assessment method that is characterized by the process of exercising one or more assessment objects under specified conditions to compare actual with expected behavior, the results of which are used to support the determination of security control effectiveness over time.

Testing The examination of the behavior of a program through its execution on sample data sets.

Text Messaging The process of sending a written message to someone's mobile device. Short Message Service (SMS) is a way of sending text messages between mobile devices. Multimedia Messaging Service (MMS) is the process for sending images, audio and video between mobile devices.

Texture Block Coding A method of watermarking that hides data within the continuous random texture patterns of an image. The technique is implemented by copying a region from a random texture pattern found in a picture to an area that has similar texture, resulting in a pair of identically textured regions in the picture.

T-FA Two-Factor Authentication.

TFTP Trivial File Transfer Protocol.

The Onion Router Free software for enabling anonymous communication. The name is an acronym derived from the original software project name The Onion Router; however, the correct spelling is "Tor", capitalizing only the first letter. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user. This includes "visits to Web sites, online posts, instant messages, and other communication forms".

The Prisoner's Problem A model for steganographic communication.

Thin Client A workstation with a small amount of processing power and costing less than a full-powered 
workstation. 

Third-Party ad Servers Companies that display banner advertisements on Web sites that you visit. 


These companies are often not the ones that own the Web site. 


Third-Party Relationship Any business arrangement between a financial institution and another entity, by contract or otherwise.

Third-Party Service Provider Any type of company, including affiliated entities, non-affiliated entities, and alliances of companies providing products and services to the financial institution. Other terms used to describe service providers include vendors, subcontractors, external service providers, application service providers, and outsourcers.
Threat Actor A person who performs a cyber attack or causes an accident.

Threat Agent Methods and things used to exploit a vulnerability. Examples include determination, capability, motive and resources.


Threat Analysis An evaluation of the type, scope and nature of events or actions that can result in adverse consequences; identification of the threats that exist against enterprise assets. The threat analysis usually defines the level of threat and the likelihood of it materializing.


Threat Control Measure (1) A proactive design or operational procedure, action, or device used to reduce the risk caused by a threat. (2) A proactive design technique, device, or method designed to eliminate or mitigate hazards, and unsafe and unsecure conditions, modes and states.


Threat Event Any event during which a threat element/actor acts against an asset in a manner that has the potential to directly result in harm.

Threat Intelligence The acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities that offer courses of action to enhance decision-making.


Threat Model A representation of the system threats that are expected to be reasonable. This includes denoting what kind of resources an attacker is expected to have, in addition to what kinds of things the attacker may be willing to try to do. Sometimes called an architectural security assessment.

Threat Monitoring The analysis, assessment and review of audit trails and other data collected to search out system events that may constitute violations or precipitate incidents involving data privacy.


Threat Scenario A set of discrete threat events, associated with a specific threat source or multiple threat sources, partially ordered in time.

Threat Shifting Response from adversaries to perceived safeguards and/or countermeasures (i.e., security controls), in which the adversaries change some characteristic of their intent to do harm in order to avoid and/or overcome those safeguards/countermeasures.


Threat Source Either (1) intent and method targeted at the intentional exploitation of a vulnerability or (2) the situation and method that may accidentally trigger a vulnerability.


Threat Vector The path or route used by the adversary to gain access to the target. 


Threat Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat source to successfully exploit a particular information system vulnerability.

Three Generic Strategies Cost leadership, differentiation, and a focused strategy. 

Three-Way Handshake The process whereby two protocol entities synchronize during connection 
establishment. 

Thrill-Seeker Hacker A hacker who breaks into computer systems for fun. 

Throughput The process of measuring the amount of work a computer system can handle within a specified timeframe.
Throw-Away Account Email or computer access account created for one-time use. 


Ticket In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.

TIFF Tagged Image File Format.


Time Bomb A program or batch file that waits for a specific time before causing damage. Often used by disgruntled and dishonest employees who find out they are to be fired, or by dishonest consultants who put unauthorized time-outs into their programs without notifying their clients. Logic bombs and time bombs are Trojan Horse programs; time bombs are a type of logic bomb.

Time Domain Method of representing a signal where the vertical deflection is the signal's amplitude, and the horizontal deflection is the time variable.


Time Stamping An electronic equivalent of mail franking.

Time-Compliance Date Date by which a mandatory modification to a COMSEC end-item must be incorporated if the item is to remain approved for operational use.

Time-Dependent Password Password that is valid only at a certain time of day or during a specified interval of time.


Timelines Chronological graphs where events related to an incident can be mapped to look for relationships in complex cases. Timelines can provide simplified visualization for presentation to management and other nontechnical audiences.

Timely In-time, reasonable access to data or system capabilities.

Timestamping The practice of tagging each record with some moment in time, usually when the record was created or when the record was passed from one environment to another.


Tip Side Side of the line when measured with a voltmeter to an earth ground that should read zero 
voltage. 
TLD Top Level Domain. The last (right-hand) part of a complete domain name. For example, in the domain name www.matisse.net, ".net" is the TLD. There are a large number of TLDs, for example .biz, .com, .edu, .gov, .info, .int, .mil, .net, .org, and a collection of two-letter TLDs corresponding to the standard two-letter country codes, for example .us, .ca, .jp, etc.


TLS Transport Layer Security. A protocol that provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. Transport Layer Security (TLS) is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. The TLS Record Protocol provides connection security with a symmetric cipher negotiated during the handshake (early versions of the specification listed the Data Encryption Standard (DES) among the options; current deployments use ciphers such as AES). The TLS Record Protocol can also be used without encryption. The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged.

TLSI Transport Layer Security protocol. 

TMAC A two-keyed variant of the CBC-MAC that overcomes the fundamental limitation of that MAC, namely that plain CBC-MAC is secure only for messages of a single fixed length.

TMC TEMPEST-Approved Personal Computer. A personal computer that is currently listed on 
the Preferred Products List (PPL) or Evaluated Products List (EPL). 

TNI Trusted network interpretation of TCSEC. 

TOCTOU Problem Time-of-check, time-of-use race condition. A type of race condition between multiple processes on a file system. A single program checks some property of a file and then, in subsequent instructions, uses the resource if the check succeeded. The problem is that even if the use comes immediately after the check, there is often a significant chance that a second process can invalidate the check in a malicious way. For example, a privileged program might check write privileges on a valid file, and the attacker can then replace that file with a symbolic link to the system password file before the program writes to it.
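The race described in the TOCTOU entry, as an added example that is not part of the dictionary: the vulnerable check-then-use pattern (access(2) on a path, then open(2) on the same path) beside the descriptor-based pattern that closes the window. The scenario is constructed: a scratch directory holds a regular "secret" file standing in for the password file, and the "log" entry has already been swapped for a symbolic link to it, which is the state the attacker races to reach between the check and the use. It assumes a POSIX system that supports O_NOFOLLOW.

```python
"""Added example (not from the dictionary): TOCTOU on a filesystem path,
and the descriptor-based pattern that closes it."""
import os
import stat
import tempfile


def append_unsafe(path: str, data: bytes) -> bool:
    """Vulnerable: checks the *path* with access(2), then opens the *path*.
    Both calls follow symlinks, and nothing ties the object checked to the
    object opened, so a swap made in between goes unnoticed."""
    if not os.access(path, os.W_OK):          # time of check
        return False
    # ---- race window: the directory entry can be replaced here ----
    with open(path, "ab") as f:               # time of use
        f.write(data)
    return True


def append_safe(path: str, data: bytes) -> bool:
    """Hardened: open first, refuse to follow a symlink at the final
    component (O_NOFOLLOW), then validate the already-open descriptor with
    fstat(2) so the object checked is exactly the object written."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW)
    except OSError:                           # ELOOP when the entry is a symlink
        return False
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            return False
        os.write(fd, data)
        return True
    finally:
        os.close(fd)


def simulate_swap() -> dict:
    """Constructed scenario: build the post-swap state and run both writers
    against it. Reports how many attacker bytes each variant let through
    into 'secret' (the stand-in for the password file)."""
    payload = b"attacker:x:0:0::/root:/bin/sh\n"   # constructed payload
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")
        log = os.path.join(d, "log")
        open(secret, "wb").close()
        os.symlink(secret, log)               # the attacker's swap, already done

        unsafe_ok = append_unsafe(log, payload)
        leaked_by_unsafe = os.path.getsize(secret)

        open(secret, "wb").close()            # reset for the second run
        safe_ok = append_safe(log, payload)
        leaked_by_safe = os.path.getsize(secret)

    return {
        "unsafe_wrote": unsafe_ok, "unsafe_leaked": leaked_by_unsafe,
        "safe_wrote": safe_ok, "safe_leaked": leaked_by_safe,
    }


if __name__ == "__main__":
    print(simulate_swap())
```

The unsafe writer passes its check because access() follows the link to a file the process may write, and then open() follows it again; the safe writer never looks at the path twice, so there is no second lookup for an attacker to race.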


TOE Target of Evaluation. In accordance with the Common Criteria, an information system, part of a system or product, and all associated documentation that is the subject of a security evaluation.
Token Passing A network access method that uses a distinctive character sequence as a symbol (token), which is passed from node to node, indicating when to begin transmission. Any node can remove the token, begin transmission, and replace the token when it is finished.

Token Ring A type of area network in which the devices are arranged in a virtual ring in which the devices use a particular type of message called a token to communicate with one another.

Token A device that is used to authenticate a user, typically in addition to a username and password. A token is usually a device the size of a credit card that displays a pseudo-random number that changes every few minutes.


Tokenization A process by which the primary account number (PAN) is replaced with a surrogate value called a token. Tokens can be used in place of the original PAN to perform functions when the card is absent, such as voids, refunds, or recurring billing. Tokens also provide more security if stolen, because they are unusable outside the tokenization system and thus have no value to a criminal.

Tool Box A tool box implies a group of different applications that provide similar services. For example, a security tool box contains different security-related programs, which a user might employ as needed.
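The PAN replacement described in the Tokenization entry, as an added example that is not part of the dictionary and not a description of any particular product: a minimal token vault that returns the same token for the same PAN (so refunds and recurring billing keep working), keeps only the last four digits, and picks the rest so the token fails the Luhn check and cannot be mistaken for or used as a card number. The card number, index key and token format are this example's own constructed choices.

```python
"""Added example (not from the dictionary): a minimal PAN tokenization vault."""
import hmac
import hashlib
import secrets


def luhn_valid(number: str) -> bool:
    """Luhn check-digit test that every real PAN passes."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Maps PANs to surrogate tokens; only the vault can reverse a token.

    The lookup index is keyed (HMAC) so that a dump of the index alone does
    not reveal PANs, and the token body is random, so nothing about the
    token is derivable from the PAN or vice versa without the vault."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key
        self._by_index = {}   # HMAC(PAN) -> token
        self._by_token = {}   # token -> PAN

    def _index(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a well-formed PAN")
        idx = self._index(pan)
        if idx in self._by_index:            # same PAN -> same token
            return self._by_index[idx]
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]          # keep last four for receipts/support
            # must NOT pass Luhn (so it is never a valid PAN) and must be unused
            if not luhn_valid(token) and token not in self._by_token:
                break
        self._by_index[idx] = token
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault, inside the cardholder-data environment, does this."""
        return self._by_token[token]


def demo() -> dict:
    vault = TokenVault(secrets.token_bytes(32))
    pan = "4111111111111111"                 # constructed test PAN (passes Luhn)
    t1 = vault.tokenize(pan)
    t2 = vault.tokenize(pan)                 # recurring billing reuses the token
    return {
        "token": t1,
        "stable": t1 == t2,
        "last4_kept": t1[-4:] == pan[-4:],
        "token_is_not_a_pan": not luhn_valid(t1),
        "round_trip": vault.detokenize(t1) == pan,
    }


if __name__ == "__main__":
    print(demo())
```

A stolen token from this scheme gives the thief a 16-digit string that no issuer will authorize; what has value is the vault, which is why it must stay inside the protected environment.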


Toolbar An add-in for a web browser that adds functionality. 

Topology The physical layout of how computers are linked together. Examples of topology include 
ring, star and bus. 

Tor The Onion Router. 

Total Risk The potential for the occurrence of an adverse event if no mitigating action is taken (i.e., the potential for any applicable threat to exploit a system vulnerability).

Touch Screen Special screen the user touches to perform a particular function.

Touchpad Popular on notebook computers, a stationary mouse that is touched with the finger.

TPA (1) Third-Party Administrator. 

TPA (2) Trading Partner Agreement. 

TPC Two-Person Control. Continuous surveillance and control of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect to the task being performed and each familiar with established security and safety requirements.

TPI Two-Person Integrity. System of storage and handling designed to prohibit individual access by requiring the presence of at least two authorized individuals, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed.

TPM Chip Trusted Platform Module Chip. A tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys.

TPS Transaction Processing System. The processing of transactions as they occur rather than in batches.
Traceroute (1) A program available on many systems that traces the path a packet takes to a destination. It is mostly used to debug routing problems between hosts. There is also a traceroute protocol defined in RFC 1393. (2) Running the traceroute or finger commands against the source (attacking) machine to gain more information about the attacker.

Trackball An upside-down, stationary mouse in which the ball is moved instead of the device. Used mainly for notebooks.

Tracking Cookie A cookie placed on a user's computer to track the user's activity on different Web sites, creating a detailed profile of the user's behavior.

Tradecraft Identity An identity used for the purpose of work-related interactions that may or may not be synonymous with an individual's true identity.

Trademark A registered word, letter, or device granting the owner exclusive rights to sell or distribute the goods to which it is applied.


Trading Partner Agreement A contractual arrangement that specifies the legal terms and conditions under which parties operate when conducting transactions by the use of EDI. It may cover such things as validity and formation of contract; admissibility in evidence of EDI messages; processing and acknowledgment of receipt of EDI messages; security; confidentiality and protection of personal data; recording and storage of EDI messages; operational requirements for EDI (message standards, codes, transaction and operations logs); technical specifications and requirements; liability, including use of intermediaries and third-party service providers; dispute resolution; and applicable law.

Traditional INFOSEC Program Program in which NSA acts as the central procurement agency for the development and, in some cases, the production of INFOSEC items. This includes the Authorized Vendor Program. Modifications to the INFOSEC end-items used in products developed and/or produced under these programs must be approved by NSA.

Traditional Technology Approach Has two primary views of any system, information and procedures, and keeps these two views separate and distinct at all times.


Traffic Analysis A form of passive attack in which an intruder observes information about calls (although not necessarily the contents of the messages) and makes inferences, e.g., from the source and destination numbers, or frequency and length of the messages; the analysis of patterns in communications for the purpose of gaining intelligence about a system or its users. It does not require examination of the content of the communications, which may or may not be decipherable. For example, an adversary may be able to detect a signal from a reader that could enable it to infer that a particular activity is occurring (e.g., a shipment has arrived, someone is entering a facility) without necessarily learning an identifier or associated data. Also, gaining knowledge of information by inference from observable characteristics of a data flow, even if the information is not directly available (e.g., when the data is encrypted). These characteristics include the identities and locations of the source(s) and destination(s) of the flow, and the flow's presence, amount, frequency, and duration of occurrence.

Traffic Flow Confidentiality A confidentiality service to protect against traffic analysis.

Traffic Flow Security The protection that results from those features in some cryptographic equipment that conceal the presence of valid messages on a communications circuit, usually by causing the circuit to appear busy at all times or by encrypting the source and destination addresses of valid messages.
Traffic Light Protocol A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.

Traffic Padding Generation of mock communications or data units to disguise the amount of real data units being sent.
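The inference in the Traffic Analysis entry and the countermeasure in the Traffic Padding entry, as one added example that is not part of the dictionary: an observer who sees only the sizes of encrypted responses can tell which page of a site was fetched, and rounding every response up to a fixed bucket with mock bytes collapses those sizes. The site and its page sizes are constructed; the bucket sizes are this example's own choices.

```python
"""Added example (not from the dictionary): size-based traffic analysis and
bucket padding as the countermeasure."""
from collections import Counter
from typing import Optional, Set


# Constructed: a site whose pages each have a distinctive encrypted size.
PAGES = {"/login": 1840, "/balance": 3120, "/transfer": 2275, "/logout": 610}


def observed_size(page: str, bucket: Optional[int] = None) -> int:
    """Length the eavesdropper sees for one response. With padding, the
    response is rounded up to the next multiple of `bucket` bytes by
    appending mock data; without it, the real length leaks."""
    n = PAGES[page]
    if bucket is None:
        return n
    return -(-n // bucket) * bucket          # ceiling to the next bucket


def guess_page(size: int, bucket: Optional[int] = None) -> Set[str]:
    """The analyst's inference: which pages could have produced this size?
    A singleton set means the observer has identified the page exactly."""
    return {p for p in PAGES if observed_size(p, bucket) == size}


def leakage(bucket: Optional[int] = None) -> dict:
    """How many pages are uniquely identified by size alone, and the cost
    in bytes relative to unpadded traffic."""
    sizes = Counter(observed_size(p, bucket) for p in PAGES)
    unique = sum(1 for p in PAGES if sizes[observed_size(p, bucket)] == 1)
    overhead = sum(observed_size(p, bucket) for p in PAGES) / sum(PAGES.values())
    return {"uniquely_identified": unique, "bytes_overhead": round(overhead, 2)}


if __name__ == "__main__":
    for b in (None, 1024, 2048, 4096):
        print(b, leakage(b))
```

The trade-off the numbers show is the usual one: small buckets leave pages distinguishable, large buckets hide them at the price of sending roughly twice the real data. Padding only hides size; timing and direction of flows are separate channels the same analyst will use.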


Traffic Security A collection of techniques for concealing information about a message, including its existence, sender, receivers and duration. Methods of traffic security include call-sign changes, dummy messages and radio silence.

Traffic-Flow Security (TFS) Techniques to counter traffic analysis.


Tragedy of the Commons A situation, first described in an influential article written by ecologist Garrett Hardin for the journal Science in 1968, in which multiple individuals, acting independently and rationally consulting only their own self-interest, will ultimately deplete a shared limited resource even when it is clear that it is not in anyone's long-term interest for this to happen. The term can be applied to any issue related to the management of a shared resource, from energy to the public domain to cybersecurity.

Training Assessment An evaluation of the training efforts.


Training Effectiveness Evaluation Information collected to assist employees and their supervisors in assessing individual students' subsequent on-the-job performance, to provide trend data to assist trainers in improving both learning and teaching, and to be used in return-on-investment statistics to enable responsible officials to allocate limited resources in a thoughtful, strategic manner among the spectrum of IT security awareness, security literacy, training, and education options for optimal results among the workforce as a whole.

Training Effectiveness A measurement of what a given student has learned from a specific course or training event (learning effectiveness); a pattern of student outcomes following a specific course or training event (teaching effectiveness); and the value of the specific class or training event, compared to other options in the context of an agency's overall IT security training program (program effectiveness).

Training Matrix A table that relates role categories relative to IT systems.

Training Training strives to produce relevant and needed information security skills and competencies.


Tranquility Property whereby the security level of an object cannot change while the object is being processed by an information system.

Transaction File A collection of records containing data generated from the current business activity.

Transaction Path One of many possible combinations of a series of discrete activities that cause an event to take place. All discrete activities in a transaction path are logically possible. Qualitative or quantitative probability measures can be assigned to a transaction path and its individual activities.

Transaction A transaction is an activity or request, usually pertaining to business, such as orders and purchases. Transaction processing systems respond to user requests and then complete a transaction, for example an automatic teller machine responding to a customer. New transactions update master files that are stored in the computer.

Transceiver The physical device that connects a host interface to a local area network, such as Ethernet. Ethernet transceivers contain electronics that apply signals to the cable and sense collisions.
TRANSEC Transmission Security. Measures (security controls) applied to transmissions in order to prevent interception, disruption of reception, communications deception, and/or derivation of intelligence by analysis of transmission characteristics such as signal parameters or message externals. TRANSEC is that field of COMSEC which deals with the security of communication transmissions, rather than that of the information being communicated.

Transform Domain Techniques Various methods of signal and image processing (Fast Fourier Transform, Discrete Cosine Transform, etc.) used mainly for the purposes of compression.

Transformation Analysis The process of detecting areas of image and sound files that are unlikely to be affected by common transformations and hiding information in those places. The goal is to produce a more robust watermark.


Transmission The state that exists when information is being electronically sent from one location to one or more other locations.

Transnational Firm A firm that produces and sells products and services all over the world.

Transparency A set of policies, practices and procedures that allow citizens to have accessibility, usability, informativeness, understandability and auditability of information and process held by centers of authority.

Transport Layer Security Protocol The public successor to SSL 3.0, specified by the IETF (TLS 1.0 in RFC 2246; the current version is TLS 1.3, RFC 8446).

Transport Layer The layer of the ISO Reference Model responsible for managing the delivery of data over a communications network.

Transport Mode An IPsec mode used with ESP or AH in which the ESP or AH header is inserted between the IP header and the upper-layer protocol of an IP packet.


Trap Door (1) A means of reading cryptographically protected information by the use of private knowledge of weaknesses in the cryptographic algorithm used to protect the data. (2) In cryptography, a one-to-one function that is easy to compute in one direction, yet believed to be difficult to invert without special information.

Trickery Talking someone into revealing secrets or embarrassing information, then sharing it online.

Triple DES An implementation of the Data Encryption Standard (DES) algorithm that uses three passes of the DES algorithm (encrypt-decrypt-encrypt) instead of the one used in ordinary DES applications. Triple DES provides much stronger encryption than ordinary DES, but it is slower and less secure than AES and has been deprecated by NIST.


TRM Technical Reference Model. A component-driven, technical framework that categorizes the standards and technologies to support and enable the delivery of service components and capabilities.


Trojan Horse Software Software the user does not want that is hidden inside software the user 
wants. 

Trojan Horse Virus Hides inside other software. Usually an attachment or download. 

Trojan Horse A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Trolling Deliberately posting false information to entice genuinely helpful people to respond and contribute to the discussion.
TRP Trusted path/ channels, trusted path. 


True Search Engine Uses software agent technologies to search the Internet for key words and then places them into indices.

Trust Anchor A public key and the name of a certification authority that is used to validate the first certificate in a sequence of certificates. The trust anchor's public key is used to verify the signature on a certificate issued by a trust anchor certification authority. The security of the validation process depends upon the authenticity and integrity of the trust anchor. Trust anchors are often distributed as self-signed certificates.


Trust List The collection of trusted certificates used by Relying Parties to authenticate other 
certificates. 
Trust Reliance on the ability of a system or process to meet its specifications. 


Trusted Agent Entity authorized to act as a representative of an agency in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities.

Trusted Certificate A certificate that is trusted by the Relying Party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths. Also known as a "trust anchor."

Trusted Channel A channel where the endpoints are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may be protected in transit. Examples include SSL/TLS, IPsec, and a secure physical connection.

Trusted Computer System A system that employs sufficient hardware and software assurance measures to allow its use for processing simultaneously a range of sensitive or classified information.

Trusted Distribution Method for distributing trusted computing base (TCB) hardware, software, and firmware components that protects the TCB from modification during distribution.


Trusted Execution Technology Intel Trusted Execution Technology (Intel TXT, formerly known as LaGrande Technology) is a computer hardware technology whose primary goals are: (1) attestation of the authenticity of a platform and its operating system; (2) assuring that an authentic operating system starts in a trusted environment, which can then be considered trusted; and (3) providing a trusted operating system with additional security capabilities not available to an unproven one. Intel TXT uses a Trusted Platform Module (TPM) and cryptographic techniques to provide measurements of software and platform components so that system software as well as local and remote management applications may use those measurements to make trust decisions. This technology is based on an industry initiative by the Trusted Computing Group (TCG) to promote safer computing. It defends against software-based attacks aimed at stealing sensitive information by corrupting system or BIOS code, or modifying the platform's configuration.


Trusted Foundry Facility that produces integrated circuits with a higher level of integrity assurance. 
Trusted Guard A computer system that is trusted to enforce a particular guard policy, such as ensuring the flow of only unclassified data from a classified system or ensuring no reverse flow of pest programs from an untrusted system to a trusted system.

Trusted Identification Forwarding Identification method used in information system networks whereby the sending host can verify that an authorized user on its system is attempting a connection to another host. The sending host transmits the required user authentication information to the receiving host.

Trusted Path A mechanism by which a user (through an input device) can communicate directly with the security functions of the information system with the necessary confidence to support the system security policy. This mechanism can only be activated by the user or the security functions of the information system and cannot be imitated by untrusted software.

Trusted Process Process that has been tested and verified to operate only as intended.

Trusted Recovery Ability to ensure recovery without compromise after a system failure.

Trusted Software Software portion of a trusted computing base (TCB).


Trusted Third Party An entity in a system to whom entities must extend some implicit trust. For example, in a typical Public Key Infrastructure, the Certification Authority constitutes a trusted third party.

Trusted Timestamp A digitally signed assertion by a trusted authority that a specific digital object existed at a particular time.

Trusted Zone A channel in which the end points are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may be protected in transit. Examples include Secure Sockets Layer, Internet Protocol Security and a secure physical connection.


Trustworthiness The attribute of a person or organization that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities. Also, a security decision with respect to extended investigations to determine and confirm qualifications and suitability to perform specific tasks and responsibilities.

Trustworthy System Computer hardware, software and procedures that 1) are reasonably secure from intrusion and misuse; 2) provide a reasonable level of availability, reliability, and correct operation; 3) are reasonably suited to performing their intended functions; and 4) adhere to generally accepted security procedures.

TSEC Nomenclature System for identifying the type and purpose of certain items of COMSEC 
material. 

TSEC Telecommunications Security. 

TSF TOE Security Functions. Set consisting of all hardware, software, and firmware of the TOE 
that must be relied upon for the correct enforcement of the TOE Security Policy (TSP). 

TSP TOE Security Policy. Set of rules that regulate how assets are managed, protected, and 
distributed within the TOE. 

TTL Time-to-live. 

TTPs Tactics, Techniques and Procedures.

Tunnel Mode Used to protect traffic between different networks when traffic must travel through intermediate or untrusted networks. Tunnel mode encapsulates the entire IP packet with an AH or ESP header and an additional IP header.

Tunnel The paths that the encapsulated packets follow in an Internet virtual private network (VPN).


Tunneling A technique to encapsulate one communication data stream inside of another, in order to extend the advantages of the latter to the former. Attackers will often tunnel a network protocol that would not be allowed to cross network boundaries inside of another that is allowed, defeating perimeter defense. Also, technology enabling one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.

Turnkey System A complete, ready-to-operate system that is purchased from a vendor as opposed to a system developed in-house.

Tweet A posting made on the social media website Twitter.

Twisted Pair A type of network physical medium made of copper wires twisted around each other.

Twisted-Pair Wire A communication medium that consists of pairs of wires that are twisted together and bound into cable.


Two-Factor Authentication The use of two independent mechanisms for authentication (e.g., requiring a smart card and a password), typically a combination of something you know, are or have. Existing authentication methodologies involve three basic factors: something the user knows (e.g., password, PIN); something the user has (e.g., ATM card, smart card); and something the user is (e.g., a biometric characteristic, such as a fingerprint). T-FA requires that a user present two of the three possible factors to the authentication mechanism. A known flaw in some T-FA systems is the server's storage of a hash representation of the credentials contained on the smart card or token. With this in hand, an attacker can replay that data to the authentication system (in this case, that of the proxy server) without needing the physical card or token.
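The "something the user has" factor from the Token and Two-Factor Authentication entries, as an added example that is not part of the dictionary: the time-based one-time password (TOTP, RFC 6238, built on HOTP, RFC 4226) that a hardware or app token displays, together with the server-side check. The verifier accepts one step of clock drift either way and refuses to accept a time step it has already used, which is the replay guard the entry's last sentences call for. The shared secret is the RFC 6238 test secret; the step, skew and digit counts are this example's own choices.

```python
"""Added example (not from the dictionary): TOTP generation (the token side)
and verification with drift tolerance and replay rejection (the server side)."""
import hmac
import struct
import hashlib
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduce modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from wall-clock time."""
    return hotp(secret, at // step, digits)


class TotpVerifier:
    """Server side. Accepts a code for the current step or its neighbours
    (to absorb clock drift) and never accepts a step at or below the highest
    one already used, so a captured code cannot be replayed."""

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1):
        self._secret, self._step, self._skew = secret, step, skew
        self._last_accepted = -1             # highest time step already used

    def verify(self, code: str, now: int) -> bool:
        base = now // self._step
        for delta in range(-self._skew, self._skew + 1):
            ctr = base + delta
            if ctr <= self._last_accepted:   # replay of a used (or older) step
                continue
            if hmac.compare_digest(hotp(self._secret, ctr), code):
                self._last_accepted = ctr
                return True
        return False


SECRET = b"12345678901234567890"            # RFC 6238 SHA-1 test secret

if __name__ == "__main__":
    now = int(time.time())
    print("token displays:", totp(SECRET, now))
    v = TotpVerifier(SECRET)
    print("first use:", v.verify(totp(SECRET, now), now))
    print("replay:", v.verify(totp(SECRET, now), now))
```

The server stores the shared secret, not a hash of the displayed codes, and the secret must be protected like a password database; a constant-time comparison is used so the check leaks nothing about how many digits matched.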


Twofish A modern block cipher with 128-bit blocks and keys of 128, 192 or 256 bits. A finalist in the AES competition; it is an evolution of the Blowfish cipher.

Two-Part Code Code consisting of an encoding section, in which the vocabulary items (with their associated code groups) are arranged in alphabetical or other systematic order, and a decoding section, in which the code groups (with their associated meanings) are arranged in a separate alphabetical or numeric order.

Type 1 Key Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of national security information.

Type 1 Product Cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting national security information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring the most stringent protection mechanisms.

Type 2 Key Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of unclassified information.


Type 2 Product Cryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified
Type 3 Key Used in a cryptographic device for the protection of unclassified sensitive information, even if used in a Type 1 or Type 2 product.

Type 3 Product Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST-approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP).

Type 4 Key Used by a cryptographic device in support of its Type 4 functionality, i.e., any provision of key that lacks U.S. government endorsement or oversight.


Type 4 Product Unevaluated commercial cryptographic equipment, assemblies, or components that neither 
NSA nor NIST certify for any government usage. These products are typically delivered as part of commercial 
offerings and are commensurate with the vendor's commercial practices. These products may contain either 
vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and 
published in a FIPS. 


Type Accreditation A form of accreditation that is used to authorize multiple instances of a 
major application or general support system for operation at approved locations with the same type of 
computing environment. In situations where a major application or general support system is installed at 
multiple locations, a type accreditation will satisfy C&A requirements only if the application or system consists 
of a common set of tested and approved hardware, software, and firmware. 

UART Universal Asynchronous Receiver/Transmitter. 


UAT User Acceptance Testing. Determines if the system satisfies the business requirements and 
enables the knowledge workers to perform their jobs correctly. 

UAU User Authentication. 


UDP User Datagram Protocol. A connectionless transport-layer protocol in the TCP/IP stack, defined in 
RFC 768, that is designed for network efficiency and speed at the expense of reliability. UDP exchanges 
datagrams without acknowledgments or guaranteed delivery: a data request by the client is served by sending 
packets without any check that they actually arrive at the destination or that they were not corrupted in 
transit. It is up to the application (or another protocol layered on top of UDP) to detect loss and corruption 
and request retransmissions. 
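The entry above says that loss and corruption detection and retransmission are the application's job when it runs over UDP. The Python below, an added example that is not part of the dictionary, shows what that minimally looks like: a datagram format with a sequence number and CRC-32, a stop-and-wait sender that resends until an intact acknowledgement comes back, and a seeded stand-in channel that drops and corrupts datagrams so the whole thing runs offline. The datagram layout, the channel model and the chunk payloads are constructed for the example. Note the caveat in the code: the CRC catches line noise, not a forged datagram, so it is no substitute for a MAC.

```python
import random
import struct
import zlib

# Datagram layout (constructed for this example): 1-byte type, 4-byte sequence
# number, payload, then a CRC-32 over everything before it.
DATA, ACK = 0, 1
HDR = struct.Struct("!BI")
CRC = struct.Struct("!I")


def encode(kind: int, seq: int, payload: bytes = b"") -> bytes:
    body = HDR.pack(kind, seq) + payload
    return body + CRC.pack(zlib.crc32(body))


def decode(dgram: bytes):
    """Return (kind, seq, payload), or None when the datagram is truncated or
    its CRC does not match. The CRC catches transmission noise only; it is not
    a MAC and gives no protection against a deliberately forged datagram."""
    if len(dgram) < HDR.size + CRC.size:
        return None
    body, (crc,) = dgram[:-CRC.size], CRC.unpack(dgram[-CRC.size:])
    if zlib.crc32(body) != crc:
        return None
    kind, seq = HDR.unpack(body[:HDR.size])
    return kind, seq, body[HDR.size:]


class LossyChannel:
    """Stand-in for an unreliable UDP path: silently drops some datagrams and
    flips one byte in others. Seeded so that a run is reproducible."""

    def __init__(self, seed: int, drop: float = 0.3, corrupt: float = 0.2):
        self.rng = random.Random(seed)
        self.drop, self.corrupt = drop, corrupt

    def deliver(self, dgram: bytes):
        r = self.rng.random()
        if r < self.drop:
            return None
        if r < self.drop + self.corrupt:
            buf = bytearray(dgram)
            buf[self.rng.randrange(len(buf))] ^= 0xFF
            return bytes(buf)
        return dgram


class Receiver:
    """Accepts DATA in sequence order and acknowledges it; a duplicate (the
    sender did not see our ACK) is acknowledged again, garbage is ignored."""

    def __init__(self):
        self.expected = 0
        self.received = []

    def on_datagram(self, dgram: bytes):
        parsed = decode(dgram)
        if parsed is None or parsed[0] != DATA:
            return None
        _, seq, payload = parsed
        if seq == self.expected:
            self.received.append(payload)
            self.expected += 1
        if seq < self.expected:
            return encode(ACK, seq)
        return None


def send_reliable(chunks, channel: LossyChannel, max_tries: int = 50):
    """Stop-and-wait ARQ on top of the lossy datagram channel: each chunk is
    resent until its ACK arrives intact. Returns (delivered_chunks, datagrams_sent)."""
    rx = Receiver()
    sends = 0
    for seq, chunk in enumerate(chunks):
        for _ in range(max_tries):
            sends += 1
            dgram = channel.deliver(encode(DATA, seq, chunk))        # data leg
            ack = rx.on_datagram(dgram) if dgram is not None else None
            ack = channel.deliver(ack) if ack is not None else None  # ack leg
            parsed = decode(ack) if ack is not None else None
            if parsed is not None and parsed[0] == ACK and parsed[1] == seq:
                break
        else:
            raise TimeoutError(f"chunk {seq} never acknowledged after {max_tries} tries")
    return rx.received, sends


if __name__ == "__main__":
    delivered, sent = send_reliable([b"alpha", b"beta", b"gamma"], LossyChannel(seed=7))
    print(delivered, sent)
```

Running the block with a lossless channel (`drop=0.0, corrupt=0.0`) sends exactly one datagram per chunk; with the default loss rates the sender transmits more datagrams than chunks but the receiver still ends up with every chunk, in order, exactly once.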
UID User Identification. 


UMAC A message authentication code built from a family of universal hash functions (specified in RFC 
4418). It is extremely fast in software but complex enough that it has seen little deployment and has no 
validated implementation. 


UN/CEFACT United Nations Centre for Facilitation of Procedures and Practices for 
Administration, Commerce, and Transport. An international organization dedicated to the elimination or 


simplification of procedural barriers to international commerce. 
UN/EDIFACT United Nations Rules for Electronic Data Interchange for Administration, Commerce, and 
Transport. An international EDI format. Interactive X12 transactions use the EDIFACT message syntax. 


Unallocated Space The set of clusters that has been marked as available to store information 


but has not yet received a file, or still contains some or all of a file marked as deleted. 
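Added example, not from the dictionary: the Python below carves deleted files out of the unallocated clusters of a small constructed disk image. An allocation bitmap says which clusters still belong to live files; header/footer signatures are searched only in the runs of free clusters, so a file whose clusters were freed is recovered while an identical header inside an allocated cluster is left alone. The image, the bitmap, the cluster size and the signature table are all constructed for the example.

```python
CLUSTER = 512

# Header/footer signatures for the types we carve (constructed table; real
# carvers ship much larger ones and handle formats without a fixed footer).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_CARVE = 1 << 20  # give up on a header if no footer follows within 1 MiB


def unallocated_ranges(bitmap, cluster=CLUSTER):
    """bitmap[i] is True when cluster i is allocated to a live file. Returns the
    byte ranges (start, end) of every maximal run of free clusters."""
    ranges, start = [], None
    for i, used in enumerate(bitmap):
        if not used and start is None:
            start = i
        elif used and start is not None:
            ranges.append((start * cluster, i * cluster))
            start = None
    if start is not None:
        ranges.append((start * cluster, len(bitmap) * cluster))
    return ranges


def carve(image: bytes, bitmap, cluster=CLUSTER):
    """Header/footer carving confined to unallocated space. Returns a list of
    (type, absolute offset, bytes). A file whose clusters were freed is found
    even though no directory entry points at it; a file that is still allocated
    is skipped. Only files lying in one contiguous free run are recovered, so a
    deleted file that was fragmented across separate runs is missed."""
    found = []
    for lo, hi in unallocated_ranges(bitmap, cluster):
        region = image[lo:hi]
        for ftype, (head, foot) in SIGNATURES.items():
            pos = region.find(head)
            while pos != -1:
                end = region.find(foot, pos + len(head), pos + MAX_CARVE)
                if end == -1:                      # no footer: not a complete file
                    pos = region.find(head, pos + 1)
                    continue
                end += len(foot)
                found.append((ftype, lo + pos, region[pos:end]))
                pos = region.find(head, end)
    return found


def build_sample_image():
    """Constructed 8-cluster image (4 KiB): clusters 0, 1 and 5 are allocated,
    2-4 and 6-7 are free. A deleted JPEG sits in clusters 2-3 and a deleted PDF
    in 6-7; cluster 5 holds a JPEG header that belongs to a live file."""
    img = bytearray(8 * CLUSTER)
    img[0:2 * CLUSTER] = b"A" * (2 * CLUSTER)
    jpeg = b"\xff\xd8\xff\xe0" + b"J" * 700 + b"\xff\xd9"
    img[2 * CLUSTER + 10:2 * CLUSTER + 10 + len(jpeg)] = jpeg
    img[5 * CLUSTER:5 * CLUSTER + 4] = b"\xff\xd8\xff\xe0"
    pdf = b"%PDF-1.4\n" + b"P" * 300 + b"\n%%EOF"
    img[6 * CLUSTER + 100:6 * CLUSTER + 100 + len(pdf)] = pdf
    bitmap = [True, True, False, False, False, True, False, False]
    return bytes(img), bitmap


if __name__ == "__main__":
    image, bitmap = build_sample_image()
    for ftype, offset, data in carve(image, bitmap):
        print(f"{ftype} at offset {offset}, {len(data)} bytes")
```

On the sample image the carver returns the deleted JPEG at byte 1034 and the deleted PDF at byte 3172, and nothing from cluster 5, whose header belongs to an allocated file. On a real image the bitmap comes from the file system metadata (the FAT, the NTFS $Bitmap, the ext4 block bitmaps), and the fragmentation caveat in the docstring is the reason carving tools also offer a whole-image mode.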


Unauthorized Disclosure Exposure of information to individuals not authorized to receive it. 
Uncertainty The difficulty of predicting an outcome due to limited knowledge of all components. 
Unclassified Information that has not been determined pursuant to E.O. 12958, as 
amended, or any predecessor order, to require protection against unauthorized disclosure and that is not 
designated as classified. 
Understanding Real-world knowledge in context. 


Unencrypted Data Any data that is readable without the need to decrypt it first. Also called 


“plaintext” and “clear text” data. 


Unfriend Unfriending. The act of removing someone from your friends or followers list on a social 
network site. 


UNI User Network Interface. 
Uninstall To remove an application or file from a computer. 
Uninstaller Software Utility software that can be used to remove software that the user no 


longer wants from the hard disk. 


Unit Testing The testing of a module for typographic, syntactic, and logical errors and for correct 


implementation of its design and satisfaction of its requirements. 


Universal Hash Function A keyed hash function family with ideal collision behaviour: for a key chosen 
at random, any two distinct inputs collide with probability no higher than they would under a truly random 
function. In practice the only practical functions of this nature are "almost universal" hash functions, 
meaning they come very close to being ideal. Universal and near-universal hash functions are not 
cryptographically secure when used naively for message authentication, because their output leaks 
information about the key, but they can easily be adapted to be secure for this purpose, for example by 
masking the hash value with a one-time pad derived from a pseudorandom function (the Wegman-Carter 
construction used by UMAC and VMAC). 
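The UMAC entry and the Universal Hash Function entry above make the same point: a universal hash is fast and has provable collision bounds, but it is not a MAC on its own. The Python below is an added example (not from the dictionary or from any UMAC specification) that makes both halves concrete. It implements a polynomial-evaluation hash over GF(2^61 - 1), shows that using the bare hash value as a tag lets an attacker solve for the key from one observed message/tag pair, and then applies the Wegman-Carter fix of adding a one-time pad derived from HMAC-SHA256 under a nonce. The prime, block size, keys, nonces and messages are constructed for the example; the last function demonstrates the construction's own failure mode, nonce reuse.

```python
import hashlib
import hmac
import secrets

P = (1 << 61) - 1      # Mersenne prime; hash arithmetic is done in the field GF(P)
BLOCK = 7              # 7-byte blocks are < 2**56 < P, so every block is a field element


def _blocks(msg: bytes):
    """Message as field elements, with the byte length appended so that messages
    differing only in trailing zero bytes map to different polynomials."""
    out = [int.from_bytes(msg[i:i + BLOCK], "big") for i in range(0, len(msg), BLOCK)]
    out.append(len(msg))
    return out


def gen_hash_key() -> int:
    return secrets.randbelow(P - 1) + 1          # k uniformly in [1, P-1]


def poly_hash(k: int, msg: bytes) -> int:
    """Polynomial-evaluation hash h_k(m) = m_1 k^n + ... + m_n k + len (mod P),
    evaluated with Horner's rule. For random k, two distinct messages of at most
    n blocks collide with probability <= n/P, so the family is 'almost universal'.
    h_k is NOT a PRF: its output must never be exposed directly as a tag."""
    acc = 0
    for b in _blocks(msg):
        acc = (acc * k + b) % P
    return acc


# ---- naive use: tag = h_k(m).  One tag on a short message gives away k. -------------
def naive_tag(k: int, msg: bytes) -> int:
    return poly_hash(k, msg)


def naive_recover_key(msg: bytes, tag: int) -> int:
    """For a non-zero message of at most 7 bytes, blocks = [m, len] and
    tag = m*k + len (mod P), so k = (tag - len) * m^-1 (mod P). With k the
    attacker can now tag any message of any length."""
    m, n = _blocks(msg)
    return ((tag - n) * pow(m, -1, P)) % P


# ---- Wegman-Carter: tag = h_k(m) + F(K, nonce) (mod P), F a PRF (HMAC-SHA256). ----
def _pad(prf_key: bytes, nonce: bytes) -> int:
    digest = hmac.new(prf_key, nonce, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P


def wc_tag(k: int, prf_key: bytes, nonce: bytes, msg: bytes) -> int:
    """The hash value is masked with a pad that is fresh per nonce; nothing about
    k is visible as long as a nonce is never reused under the same prf_key."""
    return (poly_hash(k, msg) + _pad(prf_key, nonce)) % P


def wc_verify(k: int, prf_key: bytes, nonce: bytes, msg: bytes, tag: int) -> bool:
    if not 0 <= tag < P:
        return False
    expected = wc_tag(k, prf_key, nonce, msg)
    return hmac.compare_digest(expected.to_bytes(8, "big"), tag.to_bytes(8, "big"))


def wc_recover_key_on_nonce_reuse(msg1: bytes, tag1: int, msg2: bytes, tag2: int) -> int:
    """Failure mode: two different equal-length 1-block messages tagged under the
    same nonce. The pads cancel, tag1 - tag2 = (m1 - m2) * k (mod P), and k falls out."""
    (m1, _), (m2, _) = _blocks(msg1), _blocks(msg2)
    return ((tag1 - tag2) * pow((m1 - m2) % P, -1, P)) % P


if __name__ == "__main__":
    k, prf_key = gen_hash_key(), secrets.token_bytes(32)
    msg = b"pay=100"
    print("naive key recovery works:", naive_recover_key(msg, naive_tag(k, msg)) == k)
    tag = wc_tag(k, prf_key, b"nonce-0001", msg)
    print("WC verifies:", wc_verify(k, prf_key, b"nonce-0001", msg, tag))
    print("naive recovery against WC:", naive_recover_key(msg, tag) == k)
```

The nonce is the whole of the security argument for the masked construction: it is what makes the pad one-time. Deployed Wegman-Carter MACs (UMAC, VMAC, GMAC, Poly1305 in AEAD modes) all carry that same requirement, and nonce reuse breaks them exactly as `wc_recover_key_on_nonce_reuse` shows.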


UNIX An operating system initially developed by Bell Labs. Used primarily on engineering 
workstations and computers, and networked systems. UNIX is difficult for nontechnical people to use but is 


becoming increasingly popular in the business environment in supporting GUI applications. 
Unsigned Data Data included in an authentication token, in addition to a digital signature. 


Untrusted Process Process that has not been evaluated or examined for correctness and 
adherence to the security policy. It may include incorrect or malicious code that attempts to circumvent the 
security mechanisms. 


UPC Universal Product Code. An array of varied-width lines that can be read by special machines 
(e.g., bar-code scanners) and converted into alphanumeric data. This method is used to mark merchandise for 
direct input of sales transactions. 


Update The file processing activity in which master records are altered to reflect the current business 


activity contained in transactional files. 
Upgrade An improved or more modern version of hardware or software. 


Upgrading The determination that particular unclassified or classified information requires a higher 
degree of protection against unauthorized disclosure than currently provided. Such determination shall be 
coupled with a marking of the material with the new designation. 


Uplink Frequencies In satellites, the frequency used from the earth station up to the satellite. 


In data, the frequency used to send data from a station to a head end or mainframe. 
Upload Transmission of data from a local computer system onto a remote computer system. 


UPP User Partnership Program. Partnership between the NSA and a U.S. government agency to 
facilitate development of secure information system equipment incorporating NSA-approved cryptography. 
The result of this program is the authorization of the product or system to safeguard national security 


information in the user’s specific application. 


URL Obfuscation Taking advantage of human error, some scammers use phishing emails to 
guide recipients to fraudulent sites with names very similar to established sites. They use a slight misspelling or 
other subtle difference in the URL, such as "monneybank.com" instead of "moneybank.com", to redirect users 
to a site where they unknowingly share their personal information. 
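Added example, not from the dictionary: a Python classifier for the kinds of look-alike URL the entry describes. It takes the entry's "monneybank.com" typosquat and adds the other common tricks a practitioner checks for: confusable characters (m0neybank, rnoneybank), the trusted brand placed in a subdomain of an attacker's domain, the brand embedded in a longer name, and userinfo before "@" so that the visible text is not the host at all. The allowlist, the confusable tables and the verdict names are constructed for the example, and the registrable-domain helper deliberately takes the last two labels only; a real tool would use the Public Suffix List.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation actually operates.
TRUSTED = {"moneybank.com"}

# Single characters and digraphs commonly substituted in look-alike domains
# (constructed table; a production tool would use the Unicode confusables data).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})
DIGRAPHS = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def normalize(label: str) -> str:
    """Fold a host name to a canonical ASCII form so that visually similar
    spellings (m0neybank, rnoneybank) compare equal to the genuine one."""
    s = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    s = s.translate(CONFUSABLES)
    for a, b in DIGRAPHS:
        s = s.replace(a, b)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one or two edits away from a trusted name is a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels. Assumption for the example: real code must consult the
    Public Suffix List, otherwise 'bank.co.uk' style domains are mis-split."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def classify(url: str):
    """Return (verdict, host-or-domain). Verdicts: trusted, userinfo,
    brand-in-subdomain, confusable, typosquat, brand-embedded, unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.username is not None:
        # http://moneybank.com@evil.net/ : the text before '@' is userinfo, not the host
        return "userinfo", host
    if host in TRUSTED or registrable(host) in TRUSTED:
        return "trusted", host
    dom = registrable(host)
    for t in TRUSTED:
        if ("." + host + ".").find("." + t + ".") != -1:
            return "brand-in-subdomain", host          # moneybank.com.evil.net
        nd, nt = normalize(dom), normalize(t)
        if nd == nt:
            return "confusable", dom                   # m0neybank.com, rnoneybank.com
        if levenshtein(nd, nt) <= 2:
            return "typosquat", dom                    # monneybank.com
        if t.split(".")[0] in dom.split(".")[0]:
            return "brand-embedded", dom               # moneybank-login.com
    return "unknown", dom


if __name__ == "__main__":
    for u in ("https://monneybank.com/login", "http://moneybank.com@evil.net/",
              "https://moneybank.com.evil.net/", "https://secure.moneybank.com/"):
        print(u, "->", classify(u))
```

Internationalised domain names arrive punycode-encoded (`xn--...`) in `hostname`, so the NFKD fold above only helps once they have been decoded; treat that as a further check a real implementation adds.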


URL Uniform Resource Locator (also Universal Resource Locator). An address for a resource available 
on the Internet. The first part of a URI is called the "scheme"; the most well-known scheme is http, but there 
are many others (for example telnet and news), and each scheme has its own format for how a URI should 
appear. In the Hypertext Transfer Protocol (HTTP), a URL is a string of characters that identifies an Internet 
resource, including the type of resource and its location. The two main kinds of URI are uniform resource 
locators (URLs) and uniform resource names (URNs); a URL may also be written in relative form (a relative 
URL, or RELURL). 


URN Uniform Resource Name. A URI that is supposed to be available for a long time. For an 
address to be a URN some institution is supposed to make a commitment to keep the resource available at 


that address. 


USB Device Any peripheral (storage, keyboard, network adapter, phone and so on) that connects to a host 
computer through a Universal Serial Bus port and is enumerated and driven by the host. 


USB Drive A data storage device that is used to store, back up, and transfer computer files. 
USB Port A type of connection between devices that can exchange information and power supply. 
USB Universal Serial Bus. It is becoming the most popular means of connecting devices to a 


computer. Most standard desktops today have at least 2 USB ports, and most standard notebooks have at least 


one. 
USC United States Code. 


US-CERT The U.S. Computer Emergency Readiness Team, part of the U.S. Department of Homeland 
Security's National Cybersecurity and Communications Integration Center. US-CERT is a partnership between 
the Department of Homeland Security and the public and private sectors, established to protect the nation's 
Internet infrastructure. US-CERT coordinates defense against and responses to cyber attacks across the nation. 

Use With respect to individually identifiable health information, the sharing, employment, 
application, utilization, examination, or analysis of such information within an entity that maintains such 
information. 

USENET A world-wide system of discussion groups, with comments passed among hundreds of 


thousands of machines. Not all USENET machines are on the Internet. USENET is completely decentralized, 


with over 10,000 discussion areas, called newsgroups. 


User Account — The record of a user kept by a computer to control their access to files and programs. 


User Agent An intelligent agent that takes action on the user’s behalf. 
User Documentation Highlights how to use the system. 
User ID Unique symbol or character string used by an information system to identify a specific user. 


User Information The individual or organization that has been authorized access to the information asset by 
the owner. 


User Initialization A function in the life cycle of keying material; the process whereby a user 


initializes its cryptographic application (e.g., installing and initializing software and hardware). 


User Interface Impersonation Can be a pop-up ad that impersonates a system dialog, an ad that 


impersonates a system warning, or an ad that impersonates an application user interface in a mobile device. 


User Interface Management The component of the expert system that is used to run a consultation. 
User Mode The unprivileged processor mode used for the execution of normal application activities, as 
opposed to kernel (supervisor) mode, in which the operating system runs with full hardware access. 
User Provisioning A process to create, modify, disable and delete user accounts and their 


profiles across IT infrastructure and business applications. 


User Registration A function in the life cycle of keying material; a process whereby an entity becomes a 
member of a security domain. 


User Representative The person that defines the system’s operational and functional 
requirements, and who is responsible for ensuring that user operational interests are met throughout the 


systems authorization process. 


User/Subscriber An individual procuring goods or services online who obtains a certificate from a 
certification authority. Since both consumers and merchants may have digital certificates which are used to 
conclude a transaction, they may both be subscribers in certain circumstances. This person may also be referred 
to as the signer of a digital signature or the sender of a data message signed with a digital signature. 


User’s Identification A character string which validates authorized user access. 
Username The short name, usually meaningful in some way, associated with a particular computer user. 
USGCB United States Government Configuration Baseline. The USGCB provides security 
configuration baselines for Information Technology products widely deployed across the federal agencies. The 
USGCB baseline evolved from the Federal Desktop Core Configuration (FDCC) mandate. The USGCB is a 
Federal government-wide initiative that provides guidance to agencies on what should be done to improve and 
maintain effective configuration settings, focusing primarily on security. 

USR Guidance documents, user guidance. 
Utility software Software that provides additional functionality to the operating system. 


UTM/USM Unified Threat Management/Unified Security Management. A solution in the network 
security industry that since 2004 has become established as a primary network gateway defense for 
organizations. In theory, UTM is the evolution of the traditional firewall into an all-inclusive security product 
able to perform multiple security functions within one single system: network firewalling, network intrusion 
prevention, gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data loss 
prevention and on-appliance reporting. 


UTP Unshielded Twisted Pair. A generic term for "telephone" wire used to carry data for Ethernet 
standards such as 10Base-T and 1000Base-T. Various categories (qualities) of cable exist that are certified for 
different kinds of networking technologies. 


UUENCODE Unix-to-Unix Encoding. A method for converting files from binary to 
ASCII (text) so that they can be sent across the Internet via email. 


VA Vulnerability Assessment. A process that defines, identifies, and classifies the security holes 
(vulnerabilities) in a computer, network, or communications infrastructure. 


Valid Data Element A payload, an associated data string, or a nonce that satisfies the 


restrictions of the formatting function. 
Valid Logically correct (with respect to original data, software, or system). 


Validation Phase The users, acquisition authority, and DAA agree on the correct implementation of the 


security requirements and approach for the completed IS. 


Validation The process of demonstrating that the system under consideration meets in all respects the 
specification of that system. Also, confirmation (through the provision of strong, sound, objective evidence) 
that requirements for a specific intended use or application have been fulfilled (e.g., a trustworthy credential 
has been presented, or data or information has been formatted in accordance with a defined set of rules, or a 
specific process has demonstrated that an entity under consideration meets, in all respects, its defined attributes 
or requirements). 


Validation, Verification, and Testing Used as an entity to define a procedure of review, 
analysis, and testing throughout the software life cycle to discover errors; the process of validation, verification, 
and testing determines that functions operate as specified and ensures the production of quality software. 


Value chain A tool that views the organization as a chain or series of processes, each of which adds value 


to the product or service for the customer. 


Value Network All the resources behind the click on a Web page that the customer does not see, but that 
together create the customer relationship-service, order fulfillment, shipping, financing, information brokering, 


and access to other products. 


Value The relative worth or importance of an investment for an enterprise, as perceived by its key 
stakeholders, expressed as total life cycle benefits net of related costs, adjusted for risk and (in the case of 


financial value) the time value of money. 
VAN Value-Added Network. A communications network using existing common carrier networks 
and providing such additional features as message switching and protocol handling. 


Vandalism Obvious, unauthorized, malicious modification or destruction of data, such as information on 
Web sites. 

Variant One of two or more code symbols having the same plain text equivalent. 

Vault A vault is a remote location, separate from the user's computer, where user data are stored. 


The process of data vaulting sends data off site, where it can be protected from hardware failures, theft and 
other threats. To secure vaulted data, vaulting security software can compress and encrypt the data before it 


leaves the user's computer. The data is then stored in the vault by number. 


VBR Variable bit rate. 
VC Virtual circuit. 
VCDB VERIS Community Database. A community data initiative to catalog security incidents in 
the public domain using the VERIS framework. The database contains raw data for thousands of security 
incidents shared under a Creative Commons license. Users can download the latest release, follow the latest 
changes on GitHub, and even help catalog and code incidents to grow the database. 


VCI Virtual channel identifier (X.25). 
VCN Virtual circuit number (X.25). 
Vector Image A digital image that is created through a sequence of commands or 


mathematical statements that places lines and shapes in a given two or three-dimensional space. 


Vector Also known as “attack vector” routes or methods used to get into computer systems, usually 
for nefarious purposes. They take advantage of known weak spots to gain entry. Many attack vectors take 


advantage of the human element in the system because that is often the weakest link. 


Verification Phase The process of determining compliance of the evolving IS specification, 


design, or code with the security requirements and approach agreed on by the users, acquisition authority, and 


DAA. 


Verification (1) The authentication process by which the biometric system matches a captured biometric 
against the person’s stored template. (2) The demonstration of consistency, completeness, and correctness of 


the software at and between each stage of the development life cycle. 
Verified Name A Subscriber name that has been verified by identity proofing. 


Verifier Impersonation Attack A scenario where the Attacker impersonates the Verifier in an 


authentication protocol, usually to capture information that can be used to masquerade as a Claimant to the 


real Verifier. 


Verifier An entity which is or represents the entity requiring an authenticated identity. A verifier 


includes the functions necessary for engaging in authentication exchanges. 


Verify To determine accurately that (a) the digital signature was created by the private key 
corresponding to the public key and (b) the message has not been altered since its digital signature was created. 
VERIS The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics 
designed to provide a common language for describing security incidents in a structured and repeatable manner. 
VERIS is a response to one of the most critical and persistent challenges in the security industry: a lack of 
quality information. VERIS targets this problem by helping organizations to collect useful incident-related 
information and to share that information anonymously and responsibly with others. 


Versatility Versatility is the ability to adapt readily to unforeseen requirements. The subordinate 


elements of versatility are flexibility, interoperability, and autonomy. 


Vertical Defense-in-Depth Controls are placed at different system layers: hardware, 
operating system, application, database or user levels. 


Vertical Market Software Application software that is unique to a particular industry. 
Video disk An optical disk that can store images. 
Videotext Generic text that refers to a computer information system that uses television, 


telecommunication, and computer technologies to access and manipulate large, graphics-oriented databases. 


Virtual Circuit A network service that provides connection-oriented service, regardless of the underlying 


network structure. 


Virtual Marketing Encourages users of a product or service supplied by a B2C (business-to-consumer) 
company to ask friends to join. 


Virtual Memory A method of extending computer memory using secondary storage devices to store program 


pages that are not being executed at the time. 


Virtual Military Technologies Warfare made possible by advances in remotely controlled or 
semiautomated military technologies which remove the operator from risk of harm while attacking an 
opponent. 

Virtual Payment Terminal Web-browser-based access to an acquirer, processor or 


third-party service provider website to authorize payment card transactions. Unlike physical terminals, virtual 
payment terminals do not read data directly from a payment card. The merchant manually enters payment card 
data via the securely connected web browser. Because payment card transactions are entered manually, virtual 
payment terminals are typically used instead of physical terminals in merchant environments with low 


transaction volumes. 


Virtual Reality Virtual reality is a computer simulation of a real three-dimensional world, often 
supplemented by sound effects. Examples include 3D flight simulators or first-person games where you 
explore 3D worlds. 


Virtual Workplace A technology-enabled workplace: no walls, no boundaries, work anytime, 
anyplace, linked to the other people and the information the user needs. 


Virtualization The process of running a "guest" operating system or application and its data on a 
"virtual server" that is abstracted from the underlying hardware, recognizing that the guest will ultimately 
part company from the physical server it currently runs on and can be moved to another. 

Virus Signature Files A file of virus patterns that are compared with existing files to determine if 
they are infected with a virus. The vendor of the antivirus software updates the signatures frequently and 
makes them available to customers via the web. 
Virus A computer program that can replicate itself, infect a computer without permission or 
knowledge of the user, and then spread or propagate to another computer. A virus might display irritating 
messages, steal, corrupt or erase data on a computer, give other users control over the infected computer, or use 
email programs to spread itself to other computers. 


Vishing Voice phishing: soliciting private information from customers or members of a business, bank 
or other organization in an attempt to fool them into divulging confidential personal and financial information. 
As in phishing, people are lured into sharing user names, passwords, account information or credit card 
numbers by an official-looking message in an email or a pop-up advertisement that urges them to act 
immediately, but in a vishing scam they are urged to call the phone number provided rather than click on a link. 


Visible Noise The degradation of a cover as a result of embedding information. Visible 


noise will indicate the existence of hidden information. 


Visible Watermark A visible and translucent image that is overlaid on a primary image. Visible 
watermarks allow the primary image to be viewed, but still mark it clearly as property of the owner. A 
digitally watermarked document, image, or video clip can be thought of as digitally stamped. 
VLA Vulnerability assessment, vulnerability analysis. 


VLAN Virtual Local Area Network. Logical segmentation of a LAN into different broadcast 
domains. A VLAN is set up by configuring ports on a switch, so devices attached to these ports may 
communicate as if they were attached to the same physical network segment, although the devices are located 


on different LAN segments. A VLAN is based on logical rather than physical connections. 


VLSM Variable-Length Subnet Mask. 

VM Virtual Machine. Software that allows a single host to run one or more guest operating 
systems. 

VMAC Variant of UMAC optimized for 64-bit architectures. 

Voice mail A messaging system that allows a regular voice message to be digitally stored at the receiving 
location and converted back to voice form when it is accessed. 


Voice Over Internet Protocol A specification and various technologies used to allow making telephone 
calls over IP networks, especially the Internet. Just as modems allow computers to connect to the Internet over 
regular telephone lines, VOIP technology allows humans to talk over Internet connections. Costs for VOIP 
calls can be a lot lower than for traditional telephone calls. Because the IP networks are packet-switched this 
allows for vastly different ways of handling connections and more efficient use of network resources; a 
technology that allows voice communication to be transmitted via the internet in the same way one might use a 
telephone to make a phone call. Popular use of VOIP technology is through the software Skype, which allows 


users to make video and phone calls via the internet for a relatively low cost to anywhere in the world. 


Voice Processing A system that recognizes spoken words as well as touch tones from telephones. Basically, a 
“voice” computer in that it (theoretically) can do anything a computer can do, and can recognize voice 


commands. 


Voice Synthesizer An input and output device that can either interpret and convert human 
speech into digital signals for computer processing or convert digital signals into audible signals that resemble 


human speech. 
Voice-over Internet Protocol (VoIP) IP Telephony, Internet Telephony and Broadband 
Phone. A technology that makes it possible to have a voice conversation over the Internet or over any 
dedicated Internet Protocol (IP) network instead of over dedicated voice transmission lines. 


VoIP Voice over Internet Protocol. 
Volatile data Data that changes frequently and can be lost when the system's power is shut down. 
Volt The unit of measurement of electromotive force. It is expressed as the potential difference in 
available energy between two points. One volt is the force required to produce a current of one ampere 
through a resistance or impedance of 1 ohm. 
Voltage The pressure under which a flow of electrons moves through a device. 


VPN Concentrator Virtual Private Network Concentrator. A system used to establish VPN 
tunnels and handle large numbers of simultaneous connections. This system provides authentication, 
authorization and accounting services. 


VPN Virtual Private Network. A secure private network that uses the public telecommunications 
infrastructure to transmit data. In contrast to a much more expensive system of owned or leased lines that can 
only be used by one company, VPNs are used by enterprises for both extranets and wide-area intranets. Using 
encryption and authentication, a VPN protects all data that passes between two Internet points, maintaining 
privacy and security. 

VTAM Virtual Telecommunications Access Method. 


Vulnerability Analysis Vulnerability assessment. The process of identifying, quantifying, and 
prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability 
assessments are performed include, but are not limited to, information technology systems, energy supply 
systems, water supply systems, transportation systems, and communication systems. Such assessments may be 
conducted on behalf of a range of different organizations, from small businesses up to large regional 
infrastructures. A Vulnerability Assessment has many things in common with risk assessment and provides 
information on the flaws within the system that can be exploited along with recommendations on measures 


and processes to adopt or alter. 


Vulnerability Scan A software tool that detects and classifies potential weak points 
(vulnerabilities) on a computer or network. A scan may be performed by an organization’s IT department or a 


security service provider (such as an Approved Scanning Vendor). 


Vulnerability Scanning An automated process to proactively identify security weaknesses in a 


network or individual system. 


Vulnerability A characteristic or specific weakness that renders an organization or asset 
(such as information or an information system) open to exploitation by a given threat or susceptible to a given 
hazard. Characteristic of location or security posture or of design, security procedures, internal controls, or the 
implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of 
vulnerability) qualitative or quantitative expression of the level of susceptibility to harm when a threat or 


hazard is realized. 
WAF Web Application Firewall. An appliance, server plugin, or filter that applies a set of rules to 
an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and 
SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. 
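Added example, not part of the dictionary: a toy WAF rule engine in Python that applies XSS and SQL-injection patterns to the parts of a raw HTTP request an appliance would inspect (query string, body, path, selected headers). The request texts, the rule identifiers and the canonicalisation step are constructed for the example. The point it makes is the one practitioners trip over first: the same rule applied to the still-percent-encoded query string misses `%3Cscript%3E`, catches it after decoding, and needs repeated decoding to see through `%253Cscript`.

```python
import re
from urllib.parse import unquote_plus

# Constructed rule set. Identifiers and patterns are illustrative, not from any
# real WAF product; the XSS-003 event-handler pattern is deliberately coarse.
RULES = [
    ("XSS-001", re.compile(r"<\s*script", re.I)),
    ("XSS-002", re.compile(r"javascript\s*:", re.I)),
    ("XSS-003", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("SQLI-001", re.compile(r"union\s+(all\s+)?select", re.I)),
    ("SQLI-002", re.compile(r"'\s*(or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I)),
    ("SQLI-003", re.compile(r";\s*(drop|delete|truncate|shutdown)\b", re.I)),
]


def normalize(value: str, rounds: int = 3) -> str:
    """Canonicalise a value the way the application will eventually see it:
    percent/plus-decode until stable (bounded, so %2525... double encoding is
    unwrapped), strip NUL bytes, collapse whitespace. Matching the raw value
    instead is what lets an encoded payload walk past the rules."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\x00", "")
    return re.sub(r"\s+", " ", value)


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into the fields a WAF inspects."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, val = line.partition(":")
        headers[key.strip().lower()] = val.strip()
    path, _, query = target.partition("?")
    return {"method": method, "path": path, "query": query, "headers": headers, "body": body}


def inspect_request(raw: str, canonicalize: bool = True):
    """Return [(rule_id, field)] for every rule that fires on the request.
    canonicalize=False reproduces a naive engine that matches raw bytes."""
    req = parse_request(raw)
    fields = {"query": req["query"], "body": req["body"], "path": req["path"]}
    for h in ("user-agent", "referer", "cookie"):
        if h in req["headers"]:
            fields["header:" + h] = req["headers"][h]
    hits = []
    for where, value in fields.items():
        value = normalize(value) if canonicalize else value
        for rule_id, pattern in RULES:
            if pattern.search(value):
                hits.append((rule_id, where))
    return hits


# Constructed sample requests.
REQ_XSS = ("GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\n"
           "Host: shop.example\r\nUser-Agent: Mozilla/5.0\r\n\r\n")
REQ_DOUBLE = "GET /search?q=%253Cscript%253Ealert(1) HTTP/1.1\r\nHost: shop.example\r\n\r\n"
REQ_SQLI = ("POST /login HTTP/1.1\r\nHost: shop.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
            "user=admin'+OR+'1'%3D'1&pass=x")
REQ_OK = "GET /search?q=winter+boots HTTP/1.1\r\nHost: shop.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("xss", REQ_XSS), ("double", REQ_DOUBLE), ("sqli", REQ_SQLI), ("ok", REQ_OK)):
        print(name, "canonical:", inspect_request(req), "raw:", inspect_request(req, canonicalize=False))
```

Two caveats that apply to the real thing as much as to this toy: the decoder must match what the application does (a JSON body or a base64 field needs its own canonical form, or the rule is looking at the wrong bytes), and a signature engine like this is a compensating control, not a fix; the injection still has to be removed from the application behind it.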


WAIS Wide Area Information Servers. Developed in the early 1990s, WAIS was the first truly 
large-scale system to allow the indexing of huge quantities of information on the Web, and to make those 
indices searchable across networks such as the Internet. WAIS was also pioneering in its use of ranked (scored) 
results, where the software tries to determine how relevant each result is. 


Walker An input device that captures and records the movement of the feet as the user walks or 


turns in different directions. 


Walk-through — A manual analysis technique in which the module author or developer describes the module's 


structure and logic to colleagues. 


Walled Garden An environment that controls the user‘s access to Web content and services. In effect, the 
walled garden directs the user's navigation within a website (blog), to allow access to a selection of material, or 


prevent access to other material. 


WAN Wide Area Network. A computer network connecting different remote locations that may 
range from short distances, such as a floor or building, to extremely long transmissions that encompass a large 


region or several countries. 


WAP (1) Wireless Access Point. A device that acts as a conduit to connect wireless communication 


devices together to allow them to communicate and create a wireless network. 


WAP (2) Wireless Application Protocol. A standard that defines the way in which Internet 


communications and other advanced services are provided on wireless mobile devices. 


WPA Wi-Fi Protected Access. A class of systems used to secure wireless (Wi-Fi) computer 
networks. WPA was created in response to several serious weaknesses that researchers found in the previous 
system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and 
was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is 
designed to work with all wireless network interface cards, but not necessarily with first generation wireless 
access points. WPA2 implements the full standard, but will not work with some older network cards. Both 
provide good security, with two significant issues. First, either WPA or WPA2 must be enabled and chosen in 
preference to WEP; WEP is usually presented as the first security choice in most installation instructions. 
Second, in the "personal" mode, the most likely choice for homes and small offices, a pass phrase is required 
that, for full security, must be longer than the typical six to eight character passwords users are taught to 
employ. 


Warez Pronounced wayrz or wayrss. Commercial software that has been pirated and made available 
to the public via an electronic bulletin board system (BBS) or the Internet. Typically, the pirate has figured out 
a way to deactivate the copy protection or registration scheme used by the software. Note that the use and 


distribution of warez software is illegal. In contrast, shareware and freeware may be freely copied and 


distributed. 


Warm Site An environmentally conditioned workspace that is partially equipped with information 
systems and telecommunications equipment to support relocated operations in the event of a significant 
disruption; a backup site which typically contains the data links and preconfigured equipment necessary to 
rapidly start operations, but does not contain live data. Thus commencing operations at a warm site will (at a 
minimum) require the restoration of current data. 


Waterfall Life Cycle A software development process that structures the analysis, design, programming, and testing. Each step is completed before the next step begins.

Watering Hole A computer attack strategy in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected. Relying on websites that the group trusts makes this strategy efficient, even with groups that are resistant to spear phishing and other forms of phishing.

Watermarking A form of marking that embeds copyright information about the artist or owner.

Watt The unit of electric power, representing the product of amperage and voltage.

Waveforms The characteristic shape of a signal, usually shown as a plot of amplitude over a period of time.

Waveguide A conducting or dielectric structure able to support and propagate one or more modes.

Wavelength The length of a wave measured from any point on one wave to the corresponding point on the next wave.

WDM Wavelength-division multiplexing.

Weak Collision Resistance A property that a hash function may have (and a good cryptographic hash function will have), characterized by it being infeasible to find a second input that produces the same output as a known input.

Weakness A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.

Wearable Computer A fully equipped computer that is worn just like a piece of clothing or attached to a piece of clothing, similar to the way a cell phone is carried on the belt.

Web 1.0 Websites that allow users to consume information. The information flow is one way in that users cannot produce information on a Web 1.0 site.

Web 2.0 Websites that allow users to produce as well as consume information, e.g. blogs and wikis.

Web Authoring Software Helps design and develop Web sites and pages that are published on the Web.

Web Beacon Web beacons are images that are placed in HTML documents (Web pages, HTML e-mail) to facilitate user activity tracking. Web beacons are usually used in conjunction with cookies and are often used to track visitors across multiple internet domains. Web beacon images are usually, but not always, small and “invisible.”

Web Browser Software Enables the user to surf the Web.

Web Browser A program that allows a user to find, view, hear, and interact with material on the Internet, including text, graphics, sound, and video. It is a client software program that can retrieve and display information from servers on the World Wide Web. Examples include Microsoft’s Internet Explorer, Google’s Chrome, Apple’s Safari, and Mozilla’s Firefox.

Web Bug A tiny image, invisible to a user, placed on Web pages in such a way as to enable third parties to track use of Web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and cookies.

Web Content Filtering Software A program that prevents access to undesirable Web sites, typically by comparing a requested Web site address to a list of known bad Web sites.

Web Crawler A software program that searches the Web for specified purposes, such as to find a list of all URLs within a particular site.

Web Defacement Web site defacement. A form of malicious hacking in which a Web site is “vandalized.” Often the malicious hacker will replace the site’s normal content with a specific political or social message or will erase the content from the site entirely, relying on known security vulnerabilities for access to the site’s content.

Web Farm Either a Web site that has multiple servers or an ISP that provides Web site outsourcing services using multiple servers.

Web Hosting The business of providing the equipment and services required to host and maintain files for one or more Web sites and to provide fast Internet connections to those sites. Most hosting is “shared,” which means that web sites of multiple companies are on the same server in order to share costs.

Web log Most Web servers produce “log files,” time-stamped lists of every request that the server receives. For each request, the log file contains anonymous information such as date and time, the IP address of the browser making the request, the document or action that is being requested, the location of the document from which the request was made, and the type of browser that was being used. Log files are usually used to assure quality of service. They also can be used in a limited way to analyze visitor activity.

Web Log Usually defined as an online diary or journal. It is usually updated frequently and offered in a dated log format with the most recent entry at the top of the page. It often contains links to other websites along with commentary about those sites or specific subjects, such as politics, news, pop culture or computers.

Web Page A document designed for viewing in a web browser; typically written in HTML. A web site is made of one or more web pages.

Web Portal A site that provides a wide range of services including search engines, free e-mail, chat rooms, discussion boards, and links to hundreds of different sites.

Web Risk Assessment Processes for ensuring Web sites are in compliance with applicable policies.

Web Server A software program that serves web page files to users, using the client-server model and the World Wide Web’s HyperText Transfer Protocol (HTTP).

Web Services Software applications that talk to other software applications over the Internet using XML as a key enabling technology.

Web Site Address A unique name that identifies a specific site on the Web.

Web Site A specific location on the Web where the user can visit, gather information, and order products.

Web Space A storage area where the user’s Web site can be kept.

Web World Wide Web.

Webcam A digital camera that can transmit images over the Internet.

WebDAV Web-based Distributed Authoring and Versioning. A set of extensions to the HTTP protocol that allows multiple users to not only read but also add, delete, and change documents residing on a web server. In order to use WebDAV you need WebDAV client software to connect to an HTTP server that has the WebDAV extensions installed. Virtually all common HTTP servers have WebDAV extensions available to them.

Website The entire collection of web pages and other information (such as images, sound, and video files) that is made available through what appears to users as a single web server.

WEDI Workgroup on Electronic Data Interchange.

Well-Known Ports Well-known ports, 0 through 1023. Controlled and assigned by the Internet Assigned Numbers Authority (IANA), and on most systems can be used only by system (or root) processes or by programs executed by privileged users. The assigned ports use the first portion of the possible port numbers. Initially, these assigned ports were in the range 0-255. Currently, the range for assigned ports managed by the IANA has been expanded to the range 0-1023.

WEP Wired Equivalent Privacy is a security protocol for Wi-Fi networks.

WFQ Weighted Fair Queuing.

Whaling A digital con game meant to swindle corporate employees, especially those in upper positions, into divulging confidential information in their databases.

White Hat A white hat is a computer hacker who works to find and fix computer security risks. White hat consultants are often hired to attempt to break into their client's network to see if all security holes have been addressed.

White Papers A white paper is a persuasive, educational document that informs readers of the best manner in which to solve a problem also described in the text. Other content might include the introduction of new information or may be instructional in nature, and could be accompanied by graphs or charts.

White Team (1) The group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of their enterprise’s use of information systems. In an exercise, the White Team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender's mission. The White Team helps to establish the rules of engagement, the metrics for assessing results and the procedures for providing operational security for the engagement. The White Team normally has responsibility for deriving lessons learned, conducting the post-engagement assessment, and promulgating results. (2) Can also refer to a small group of people who have prior knowledge of unannounced Red Team activities. The White Team acts as observers during the Red Team activity and ensures the scope of testing does not exceed a predefined threshold.

Whitelist A list of computers, IP (Internet Protocol) addresses, user names or other identifiers to specifically allow access to a computing resource. Normally combined with a default "no-access" policy.

Whitelisting Software A form of filtering that only allows connections to a pre-approved list of sites that are considered useful and appropriate for children. Parents sometimes use such software to prevent children from visiting all but certain websites. You can add and remove sites from the “permitted” list. This method is extremely safe, but allows for only extremely limited use of the Internet.

Whois An Internet resource that permits users to initiate queries to a database containing information on users, hosts, networks, and domains.

WiFi Wireless Fidelity. A way of transmitting information in a wave form that is reasonably fast and is often used for notebooks. Also known as IEEE 802.11b.

Wiki Web applications or similar tools that allow identifiable users to add content (as in an Internet forum) and allow anyone to edit that content collectively. On wiki web sites, the content can be easily edited and altered from the web browser in which it is viewed. Typically there is an "edit" button on each page, and the wiki is configured to allow either anyone or only people with passwords to edit each page. The word "wiki" comes from a Hawaiian word meaning quick.

Window of Vulnerability The period of time in which a vulnerability can possibly be exploited.

Wired Communications Media that transmit information over a closed, connected path.

Wired Equivalent Privacy (WEP) A scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks (also known as Wi-Fi networks). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping. WEP was intended to provide comparable confidentiality to a traditional wired network (in particular, it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping. WEP is no longer considered a viable encryption mechanism due to known weaknesses.

Wireless Communications Media that transmit information through the air.

Wireless Fidelity (Wi-Fi) Internet Access Wi-Fi internet access is a wireless networking technology that uses radio waves to provide wireless high-speed internet and network connections. Wi-Fi works with no physical wired connection between sender and receiver by using radio frequency technology. In order to connect to an access point and join a wireless network, computers and devices must be equipped with wireless network adapters.

Wireless ISP Wireless Internet Service Provider. A company that provides the same services as a standard Internet service provider, except that the user does not need a wired connection for access.

Wireless Network Access Point A device that allows computers to access a network using radio waves.

Wireless Payment Terminal A payment terminal that connects to the Internet using any of various wireless technologies.

Wireless Technology Technology that permits the transfer of information between separated points without physical connection. Currently, wireless technologies use infrared, acoustic, radio frequency, and optical transmission.

Wiretapping Eavesdropping on data or voice transmissions by attaching unauthorized equipment or software to the communications medium (in the case of wires, coaxial metal cables and optical cables) or by intercepting and interpreting broadcast data (in the case of wireless phones, cellular phones, and wireless networks).

Wiring Closet A specially designed room used for wiring a data or voice network. Wiring closets serve as a central junction point for the wiring and wiring equipment that is used for interconnecting devices.

Wisdom Understanding of what is true, right or lasting.

WLAN Wireless Local Area Network. A group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each WLAN component, including client devices, APs, and wireless switches, is secured throughout the WLAN lifecycle, from initial WLAN design and deployment through ongoing maintenance and monitoring.

WLL Wireless Local Loop. A means of provisioning a local loop facility without wires. Employing low-power, omnidirectional radio systems, they allow carriers to provision loops up to T-1 capacity to each subscriber.

Word Processing The use of computers or other technology for storage, editing, correction, revision, and production of textual files in the form of letters, reports, and documents.

Word In computer memory, a contiguous set of bits used as a basic unit of storage. Words are usually 8, 16, 32, or 64 bits long.

Work Factor Estimate of the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure.

Workflow Defines all of the steps or business rules, from beginning to end, required for a process to run correctly.

Workgroup A group of people who can work together to achieve a common set of goals, linked together via technological tools and hardware.

World Wide Web The World Wide Web, or web as it is more commonly called, is a collection of pages on the internet that can be accessed with any web-enabled device such as a mobile phone, PDA or computer. Users need an internet connection, a computer and a web browser in order to access and interact with the online information that forms part of the web.

Worm Originally an acronym for “Write once, read many times,” a type of electronic infection that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. Once this malicious software is on a computer, it scans the network for another machine with a specific security vulnerability. When it finds one, it exploits the weakness to copy itself to the new machine, and then the worm starts replicating from there as well.

WPA2 Wi-Fi Protected Access 2. Wireless security protocol that supports 802.11i encryption standards to provide greater security. This protocol uses the Advanced Encryption Standard (AES) and Temporal Key Integrity Protocol (TKIP) for stronger encryption.

Write Access Permission to write to an object in an information system.

Write blocker A device that allows the acquisition of information on a drive without creating the possibility of accidentally damaging the drive.

Write Protect The use of hardware or software to prevent data from being overwritten or deleted.

Write Fundamental operation in an information system that results only in the flow of information from a subject to an object.

Write-Blocker A device that allows investigators to examine media while preventing data writes from occurring on the subject media.

WWW World Wide Web.

X.25 X.25 is an ITU-T standard protocol suite for packet-switched wide area network (WAN) communication. An X.25 WAN consists of packet-switching exchange (PSE) nodes as the networking hardware, and leased lines, plain old telephone service connections, or ISDN connections as physical links. X.25 is a family of protocols that was popular during the 1980s with telecommunications companies and in financial transaction systems such as automated teller machines. X.25 was originally defined by the International Telegraph and Telephone Consultative Committee (CCITT, now ITU-T) in a series of drafts and finalized in a publication known as The Orange Book in 1976.

X.400 X.400 is a suite of ITU-T Recommendations that define standards for Data Communication Networks for Message Handling Systems (MHS), more commonly known as email. The first X.400 Recommendations were published in 1984 (Red Book), and a substantially revised version was published in 1988 (Blue Book). New features were added in 1992 (White Book) and subsequent updates. Although X.400 was originally designed to run over the OSI transport service, an adaptation to allow operation over TCP/IP, RFC 1006, has become the most popular way to run X.400.

X.500 X.500 is a series of computer networking standards covering electronic directory services. The X.500 series was developed by ITU-T, formerly known as CCITT, and first approved in 1988.[1] The directory services were developed in order to support the requirements of X.400 electronic mail exchange and name lookup. ISO was a partner in developing the standards, incorporating them into the Open Systems Interconnection suite of protocols. ISO/IEC 9594 is the corresponding ISO identification.

X.509 Certificate The X.509 public-key certificate or the X.509 attribute certificate, as defined by the ISO/ITU-T X.509 standard. Most commonly, an X.509 certificate refers to the X.509 public-key certificate.

X.509 Public Key Certificate A digital certificate containing a public key for an entity and a name for the entity, together with some other information that is rendered unforgeable by the digital signature of the certification authority that issued the certificate, encoded in the format defined in the ISO/ITU-T X.509 standard.

X.509 A standard, part of the X.500 specifications, which defines the format of a public key certificate.

X/recommendations The ITU-TSS documents that describe data communication network standards.

XCBC-MAC A three-key variant of the CBC-MAC that overcomes the fundamental limitation of that MAC.

XCCDF Extensible Configuration Checklist Description Format. SCAP language for specifying checklists and reporting checklist results.

XDSL A group term used to refer to ADSL (Asymmetrical Digital Subscriber Line), HDSL (High data rate Digital Subscriber Line), and SDSL (Symmetrical Digital Subscriber Line). All are digital technologies using the existing copper infrastructure provided by the telephone companies. XDSL is a high-speed alternative to ISDN.

XHTML eXtensible HyperText Markup Language. Basically HTML expressed as valid XML.

XMACC A patented parallelizable Message Authentication Code.

XML eXtensible Markup Language. A coding language for the Web that lets computers interpret the meaning of information in Web documents. A widely used system for defining data formats. XML provides a very rich system to define complex documents and data structures such as invoices, molecular data, news feeds, glossaries, inventory descriptions, real estate properties, etc. As long as a programmer has the XML definition for a collection of data, they can create a program to reliably process any data formatted according to those rules. XML is a subset of the older SGML specification; the definition of XML is SGML minus a couple of dozen items.

XML Extensible Markup Language. Designed to enable the use of SGML on the World Wide Web, XML is a regular markup language that defines what you can do (or what you have done) in the way of describing information for a fixed class of documents (like HTML). XML goes beyond this and allows you to define your own customized markup language. It can do this because it is an application profile of SGML. XML is a metalanguage, a language for describing languages.

XMLRPC XML Remote Procedure Call. A protocol for client-server communication that sends and receives information "on top of" HTTP. The data sent and received is in a particular XML format specifically designed for use with XMLRPC.

XNS Xerox Network Systems.

X-Open A group of computer manufacturers who promote the development of portable applications based on UNIX. They publish a document called the X-Open Portability Guide.

XOR The XOR (exclusive-OR) gate acts in the same way as the logical “either/or.” The output is “true” if either, but not both, of the inputs are “true.” The output is “false” if both inputs are “false” or if both inputs are “true.” Another way of looking at this circuit is to observe that the output is 1 if the inputs are different, but 0 if the inputs are the same.

XOT X.25 over TCP.

XPFE Cross Platform Front End. A suite of technologies used to create applications that will work and look the same on different computer operating systems. A widely used XPFE application is the Mozilla web browser and its derivatives, such as the Netscape web browser in version 7 and later. The primary technologies used in creating XPFE applications are JavaScript, Cascading Style Sheets, and XUL.

XSS Cross Site Scripting. A vulnerability that allows attackers to inject malicious code into an otherwise benign website. These scripts acquire the permissions of scripts generated by the target website and can therefore compromise the confidentiality and integrity of data transfers between the website and client. Websites are vulnerable if they display user-supplied data from requests or forms without sanitizing the data so that it is not executable.

XUL eXtensible User-interface Language. A markup language similar to HTML and based on XML. XUL is used to define what the user interface will look like for a particular piece of software. XUL is used to define what buttons, scrollbars, text boxes, and other user-interface items will appear, but it is not used to define how those items will look (e.g. what color they are). The most widely used example of XUL use is probably in the Firefox web browser, where the entire user interface is defined using the XUL language.

YARA A tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. a rule, consists of a set of strings and a boolean expression which determine its logic.

YB Yottabyte. A Yottabyte is 1,208,925,819,614,629,174,706,176 bytes, 1,024 Zettabytes, or 1,048,576 Exabytes.

YCbCr A setting used in the representation of digital images. Y is the luminance component; Cb, Cr are the chrominance components.

ZB Zettabyte. A Zettabyte is 1,180,591,620,717,411,303,424 bytes, 1,024 Exabytes, or 1,048,576 Petabytes.

ZCS Zero Code Suppression. The insertion of a “1” bit to prevent the transmission of eight or more consecutive “0” bits.

Zero Day Attack A zero day attack refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and races to fix it. Uses of zero day attacks can include infiltrating malware or spyware, or allowing unwanted access to user information.

Zero Day Exploit A zero day vulnerability is one for which code to exploit it appears on the first day that a loophole is announced. As most of the damage done by exploiting bugs occurs in the first few days after they become public, software firms usually move quickly to patch zero day vulnerabilities.

Zero Fill To fill unused storage locations in an information system with the representation of the character denoting "0."

Zeroization A method of erasing electronically stored data, cryptographic keys, and CSPs by altering or deleting the contents of the data storage to prevent recovery of the data.

Zeroize To remove or eliminate the key from cryptographic equipment or a fill device. Overwrite a memory location with data consisting entirely of bits with the value zero so that the data is destroyed and not recoverable. This is often contrasted with deletion methods that merely destroy the reference to data within a file system rather than the data itself.

Zip drive A high-capacity, removable diskette drive that typically uses 100 MB Zip disks or cartridges.

ZIP Zone Information Protocol. The protocol by which AppleTalk network numbers were associated with zone names. A zone was a subdivision of the network that made sense to humans (for example, "Accounting Department"); but while a network number had to be assigned to a topologically contiguous section of the network, a zone could include several different discontiguous portions of the network.

Zombie Zombie computer. In computer science, a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks (DoS attacks).

Zone of Control Three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists.